Date: Thu, 6 Aug 2015 16:29:05 +0300 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: more robustness On Mon, Aug 03, 2015 at 04:01:14PM +0800, Kai Zhao wrote: > On Sun, Jul 5, 2015 at 12:34 AM, Solar Designer <solar@...nwall.com> wrote: > > So when max_keys_per_crypt is higher than 1, and it usually is, the > > current self-test would only test one key at a time anyway. This means > > that computation for other key indices is left untested. This is > > mitigated by testing multiple key indices like that: > > > > /* 0 1 2 3 4 6 9 13 19 28 42 63 94 141 211 316 474 711 1066 ... */ > > if (index >= 2 && max > ntests) > > index += index >> 1; > > else > > index++; > > > > but as you can see this does not result in an exhaustive set of indices, > > and it is very wasteful (e.g., 712 passwords are hashed, most of them > > uninitialized, to test only one index 711). > > I may find a bug as you described. It cracks when there is only 1 password, > but it fails when there is more then 1 passwords. > > Below is the detailed description. > > 1. Format = Oracle12C Thank you, Kai! Per commits, I think this has already been fixed, correct? In general, when something had been brought to john-dev, please post a followup in here when the issue is fixed (or just to announce that a GitHub issue has been created and discussion is proceeding there). As it was, your john-dev posting stood like an open issue with no followup. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.