[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 06 Aug 2015 23:32:46 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags
On 2015-08-06 20:09, Solar Designer wrote:
> On Tue, Aug 04, 2015 at 08:57:29AM +0800, Kai Zhao wrote:
>> 1. FMT_8_BIT
>>
>> 1.1 formats have not set FMT_8_BIT but there is at least one
>> password which does not ignore the 8th bit
>>
>> bsdicrypt, has-160, pomelo, pufferfish, Stribog-256, wpapsk
>
> I've just fixed bsdicrypt's code. The rest should have the flag set.
> Kai, you may commit that change.
I'm not sure we want it for WPAPSK. While it technically handles 8-bit
just fine, a WPAPSK passphrase is 8 to 63 printable ASCII characters
according to the spec.
IEEE Std. 802.11i-2004, Annex H.4.1: Each character in the pass-phrase
must have an encoding in the range of 32 to 126 (decimal), inclusive.
I suspect there's one or two implementations that missed this and do
allow 8-bit but for normal use, I think we should not set FMT_8_BIT
(because it does/should affect what incremental mode is picked by
default in Jumbo).
magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
