Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 12 Aug 2015 22:05:42 -0500
From: "jfoug@....net" <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: Lei's weekly report #15

On Wed, 12 Aug 2015 21:38:24 -0500, Lei Zhang <zhanglei.april@...il.com>  
wrote:


> I got this error message:
>
> form=episerver_sha1               guesses: 1476 -show=1476 0:00:00:00  
> DONE : Expected count(s) (1500)  [!!!FAILED1!!!]
> .pot CHK:episerver_sha1           guesses: 1476 0:00:00:00 DONE   
> [PASSED] (1476 val-pwd)
>
> form=episerver_sha256             guesses: 1476 -show=1476 0:00:00:00  
> DONE : Expected count(s) (1500)  [!!!FAILED1!!!]
> .pot CHK:episerver_sha256         guesses: 1476 0:00:00:00 DONE   
> [PASSED] (1476 val-pwd)
>
> What does that mean?

It 'may' be expected.   There are some tests which we will have to add  
specific multiple 'valid' number of passing tests. These are due to some  
data within the test being longer passwords than certain builds can handle.

This also may mean that there are BUGS.  If the code blindly inserts data,  
and you do not have proper length settings, then you will get longer  
passwords sent to your format, which can overwrite internal buffers of the  
candidates around the one you are writing data to.

So either way, we need to find out.  If you run the ts with these command  
switches:

-v -v -v --stop   it will print out a whole lot of stuff to screen, but it  
will stop on the first error. It shows you the command used that failed.   
So now, you can run that command by hand, then use the -show and  
-show=left to find out what was found, and what was 'missed'.  If all of  
the missed data is long passwords, then we will need to adjust the  
jtrts.dat file saying that 1476 is a 'correct' possibility for this  
format.   If the missed words vary, then again, it is likely that you have  
not set the plaintext length properly, which would allow the very long  
passwords (120's, 125's, 128's) scattered in the input dictionary to smash  
your buffers.  That is exactly why those longer passwords were put in  
there, to help force problems like this, when a format is too promiscuous  
allowing data that are longer than it can handle.


Jim.

---
This email has been checked for viruses by Avast antivirus software.
http://www.avast.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.