|
Message-ID: <68667edd2868492724e49a2ce1719818@smtp.hushmail.com> Date: Thu, 13 Aug 2015 19:50:30 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: episerver UTF-8 (was: Re: Lei's weekly report #15) On 2015-08-13 12:17, Lei Zhang wrote: > On Aug 13, 2015, at 5:26 AM, magnum <john.magnum@...hmail.com> wrote: >> >> Maybe you could even add episerver to pass_gen.pl? > > I'm not sure what you mean. I can see episerver is already in pass_gen.pl. > > I don't know if I'm doing it correctly, but that's how I did the test: > > $ cat pw-utf8.dic | ../run/pass_gen.pl -utf8 episerver_sha1 > tst_utf8.in > $ ../run/john --format=episerver --wordlist=pw-utf8.dic tst_utf8.in --encoding=utf8 Ah, I just tried "pass_gen.pl episerver". Good, then it's easy to create more test vectors. > And there're 257 out of 1500 hashes not cracked. I viewed the corresponding uncracked passwords: most of them are long (probably exceed PLAINTEXT_LENGTH), but some are not. For example, '€€€€€€€' cannot be cracked, while '€€€€€€' (one less char) can be cracked. The length of it surely doesn't exceed PLAINTEXT_LENGTH. Is there something special with this string? I feel I'm still missing some point in the UTF8 encoding... Each '€' results in three bytes of UTF-8. '€€€€€€€' is thus 21 bytes, and exceeds PLAINTEXT_LENGTH (which is given in bytes) while '€€€€€€' is 18 bytes and fits within it. So from the sound of it, your format is AOK. BTW that's the reason for this, found in all FMT_UTF8 formats: if (pers_opts.target_enc == UTF_8) self->params.plaintext_length = MIN(125, 3 * PLAINTEXT_LENGTH); This allows up to 57 bytes of key for up to 19 characters of UTF-8. And while Jumbo formats otherwise never need to truncate/check max length, UTF-8 formats has to do that, after the above. Because the added room for 57 bytes would also allow a plain ASCII key of up to 57 characters - which we can't allow writing past buffer! magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.