Date: Fri, 7 Aug 2015 01:16:01 +0300 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: auditing our use of FMT_* flags On Thu, Aug 06, 2015 at 11:32:46PM +0200, magnum wrote: > On 2015-08-06 20:09, Solar Designer wrote: > >On Tue, Aug 04, 2015 at 08:57:29AM +0800, Kai Zhao wrote: > >>1. FMT_8_BIT > >> > >> 1.1 formats have not set FMT_8_BIT but there is at least one > >> password which does not ignore the 8th bit > >> > >> bsdicrypt, has-160, pomelo, pufferfish, Stribog-256, wpapsk > > > >I've just fixed bsdicrypt's code. The rest should have the flag set. > >Kai, you may commit that change. > > I'm not sure we want it for WPAPSK. While it technically handles 8-bit > just fine, a WPAPSK passphrase is 8 to 63 printable ASCII characters > according to the spec. > > IEEE Std. 802.11i-2004, Annex H.4.1: Each character in the pass-phrase > must have an encoding in the range of 32 to 126 (decimal), inclusive. Oh, OK. Makes sense. > I suspect there's one or two implementations that missed this and do > allow 8-bit but for normal use, I think we should not set FMT_8_BIT > (because it does/should affect what incremental mode is picked by > default in Jumbo). I suspect that technically most implementations (not "one or two") allow 8-bit input. But perhaps this is not commonly actually used, since WPA passphrases are typically to be input by many people on many devices. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.