Date: Thu, 13 Aug 2015 01:57:10 +0800 From: Kai Zhao <loverszhao@...il.com> To: john-dev@...ts.openwall.com Subject: Re: auditing our use of FMT_* flags Hi Alexander, On Fri, Aug 7, 2015 at 1:01 AM, Solar Designer <solar@...nwall.com> wrote: > Kai, > > On Mon, Jul 27, 2015 at 11:24:21AM +0200, magnum wrote: >> On 2015-07-27 09:48, Kai Zhao wrote: >> >$ ./john --test=0 --format=LM >> >Will run 8 OpenMP threads >> >Testing: LM [DES 256/256 AVX2-16]... (8xOMP) PASS >> > >> >Change the first password: "AAAAAA" -> "AAAAAa" >> > >> >$ ./john --test=0 --format=LM >> >Will run 8 OpenMP threads >> >Testing: LM [DES 256/256 AVX2-16]... (8xOMP) FAILED (get_key(0)) >> >> The format DOES change the case to upper but since the test vector still >> has it in lower, it fails. This is just a current technical aspect of >> self-tests, you can ignore it. > > As magnum correctly pointed out, your test is sort of wrong. It detects > that get_key() isn't returning the key that was previously set. For LM, > that's deliberate: the key is visibly converted to uppercase, and we > want it written to john.pot that way. In order not to trigger this > detection on our normal self-test, we provide all of the test vectors > with already all-uppercase passwords. There's certainly room for > improvement here: to be able to self-test the uppercasing and truncation > at length 7, yet check that get_key() returns mostly the same password, > modulo case and truncation (check for the flags and max length first). > An improvement like that would apply to our old, quick self-test as > well. Then we'd be able to list test vectors that would be meant to be > uppercased and truncated. > > As to your --test-full also detecting this non-issue, this appears to be > due to the get_key() check included in is_key_right() even when called > from test_fmt_case(), test_fmt_8_bit(), and fmt_self_test_full_body(). > You need to either have the get_key() check skipped when invoked from > there, or enhance it as I have described above. I changed the is_key_right() function to handle uppercasing. The truncation was already supported by the old self-test. Below is my patch: https://github.com/loverszhaokai/JohnTheRipper/commit/29c513c8316cf310b405717b3a719ee282f38740 Now the LM, netlm, and those formats which does not set FMT_CASE can change their self-test passwords to lowercase or both lowercase and uppercase. When test FMT_CASE, I think we can ignore the results of get_key(), when we test a passwords which is differ in case, what we care is the result of cmp_all(). I have tested this patch. It seems to work. Do you think so ? Thanks, kai
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.