Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <68667edd2868492724e49a2ce1719818@smtp.hushmail.com>
Date: Thu, 13 Aug 2015 19:50:30 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: episerver UTF-8 (was: Re: Lei's weekly report #15)

On 2015-08-13 12:17, Lei Zhang wrote:
> On Aug 13, 2015, at 5:26 AM, magnum <john.magnum@...hmail.com> wrote:
>>
>> Maybe you could even add episerver to pass_gen.pl?
>
> I'm not sure what you mean. I can see episerver is already in pass_gen.pl.
>
> I don't know if I'm doing it correctly, but that's how I did the test:
>
> $ cat pw-utf8.dic | ../run/pass_gen.pl -utf8 episerver_sha1 > tst_utf8.in
> $ ../run/john --format=episerver --wordlist=pw-utf8.dic tst_utf8.in --encoding=utf8

Ah, I just tried "pass_gen.pl episerver". Good, then it's easy to create 
more test vectors.

> And there're 257 out of 1500 hashes not cracked. I viewed the corresponding uncracked passwords: most of them are long (probably exceed PLAINTEXT_LENGTH), but some are not. For example, '€€€€€€€' cannot be cracked, while '€€€€€€' (one less char) can be cracked. The length of it surely doesn't exceed PLAINTEXT_LENGTH. Is there something special with this string? I feel I'm still missing some point in the UTF8 encoding...

Each '€' results in three bytes of UTF-8. '€€€€€€€' is thus 21 bytes, 
and exceeds PLAINTEXT_LENGTH (which is given in bytes) while '€€€€€€' is 
18 bytes and fits within it. So from the sound of it, your format is AOK.

BTW that's the reason for this, found in all FMT_UTF8 formats:

	if (pers_opts.target_enc == UTF_8)
		self->params.plaintext_length = MIN(125, 3 * PLAINTEXT_LENGTH);

This allows up to 57 bytes of key for up to 19 characters of UTF-8. And 
while Jumbo formats otherwise never need to truncate/check max length, 
UTF-8 formats has to do that, after the above. Because the added room 
for 57 bytes would also allow a plain ASCII key of up to 57 characters - 
which we can't allow writing past buffer!

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.