Date: Thu, 6 Aug 2015 22:03:28 +0800 From: Kai Zhao <loverszhao@...il.com> To: john-dev@...ts.openwall.com Subject: Re: more robustness Hi Alexander, On Thu, Aug 6, 2015 at 9:29 PM, Solar Designer <solar@...nwall.com> wrote: > On Mon, Aug 03, 2015 at 04:01:14PM +0800, Kai Zhao wrote: >> On Sun, Jul 5, 2015 at 12:34 AM, Solar Designer <solar@...nwall.com> wrote: >> > So when max_keys_per_crypt is higher than 1, and it usually is, the >> > current self-test would only test one key at a time anyway. This means >> > that computation for other key indices is left untested. This is >> > mitigated by testing multiple key indices like that: >> > >> > /* 0 1 2 3 4 6 9 13 19 28 42 63 94 141 211 316 474 711 1066 ... */ >> > if (index >= 2 && max > ntests) >> > index += index >> 1; >> > else >> > index++; >> > >> > but as you can see this does not result in an exhaustive set of indices, >> > and it is very wasteful (e.g., 712 passwords are hashed, most of them >> > uninitialized, to test only one index 711). >> >> I may find a bug as you described. It cracks when there is only 1 password, >> but it fails when there is more then 1 passwords. >> >> Below is the detailed description. >> >> 1. Format = Oracle12C > > Thank you, Kai! > > Per commits, I think this has already been fixed, correct? > magnum has fixed this problem. https://github.com/magnumripper/JohnTheRipper/commit/3872820a963e99841d0ccdb682e1ca48b56094ef Thanks, Kai
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.