Date: Mon, 10 Aug 2015 21:13:01 +0800 From: Kai Zhao <loverszhao@...il.com> To: john-dev@...ts.openwall.com Subject: Re: auditing our use of FMT_* flags On Mon, Aug 10, 2015 at 5:53 PM, magnum <john.magnum@...hmail.com> wrote: > On 2015-08-10 11:32, Kai Zhao wrote: >> >> On Mon, Aug 10, 2015 at 5:27 PM, magnum <john.magnum@...hmail.com> wrote: >>> >>> On 2015-08-10 08:33, Kai Zhao wrote: >>>> >>>> 2. There is only one test vector for Stribog-512 and the password is an >>>> empty string. Since the Stribog-256 should set FMT_8_BIT, I wonder >>>> the Stribog-512 maybe should set too. >>> >>> >>> >>> Yes, I presume it should. We also have to create/find more test vectors >>> or >>> bugs will go undetected. >>> >> >> How to add more test vector ? Is there any document ? > > > If there are test vectors in whatever reference (eg. RFC) defines the > format, we should use them if applicable. > > If not, try to google some stribog hashes, or as a last restort just create > them using other means. We have pass_gen.pl for creating lots of hashes but > it doesn't support stribog. If possible, it should be added. I add a new test vector for stribog-512 and it does not ignore the 8th bit, so I add the FMT_8_BIT flag. https://github.com/magnumripper/JohnTheRipper/pull/1636/files Can we get the past contest pots ? I think we can find more test vectors by the contest pots. >> Should I create an issue : "Create more test vectors" ? > > > That might be a good idea. Actually there are a lot of formats that lack > appropriate test vectors. All formats should test its own max. length, a > null string (if applicable) and other random words of various length. 8-bit > formats should also have some 8-bit test vector. > Just created. https://github.com/magnumripper/JohnTheRipper/issues/1637 I think it would be better if john gives warning messages if the number of test vectors is less than 2 when using --test-full. Such as, "WARNING: this format has less test vectors, please add more" Thanks, Kai
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.