Date: Sat, 15 Aug 2015 19:33:53 +0300 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: testing every index (Re: more robustness) Kai, On Sat, Jul 04, 2015 at 07:34:55PM +0300, Solar Designer wrote: > On Sat, Jul 04, 2015 at 10:17:21PM +0800, Kai Zhao wrote: > > Currently --test has already mimic actual cracking except it only contains > > correct passwords. > > No, that's not the only aspect in which it differs from actual cracking. > As I wrote above, "--test performs only very basic testing, hashing one > password at a time (albeit in different key indices)". > > So when max_keys_per_crypt is higher than 1, and it usually is, the > current self-test would only test one key at a time anyway. This means > that computation for other key indices is left untested. This is > mitigated by testing multiple key indices like that: > > /* 0 1 2 3 4 6 9 13 19 28 42 63 94 141 211 316 474 711 1066 ... */ > if (index >= 2 && max > ntests) > index += index >> 1; > else > index++; > > but as you can see this does not result in an exhaustive set of indices, > and it is very wasteful (e.g., 712 passwords are hashed, most of them > uninitialized, to test only one index 711). Have you since implemented testing of every index (in the range of 0 to max_keys_per_crypt) when running with --test-full? Where is it in code? I recall us finding one bug in this way, but I don't see it in code. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.