Date: Thu, 20 Aug 2015 12:03:23 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: JtR encoding help needed On 2015-08-20 10:08, Shinnok wrote: >> On Aug 18, 2015, at 11:37 PM, magnum <john.magnum@...hmail.com> wrote: >> On 2015-08-18 14:23, Mathieu Laprise wrote: >>> Shinnok want to indicate non-printable or control chars in Johnny's >>> Password field for core and jumbo. We're not really experimented with >>> encoding. How does JtR prints ascii control chars in john --show ? >> >> It just prints them. A tab is printed as a tab, an \x07 might ring a bell. It's normally not an issue since no-one has them in real passwords. > > I think Frank asked for this in one of his Johnny reviews? Frank, have you ever encountered non-printable ASCII in passwords, maybe just in contests? > > What we can do is manually substitute the ASCII non-printable and control chars with their escaped hex or octal variant. I don't think there's a smarter way of handling this. I'd prefer hex over octal, and perhaps standard stuff like \g too when available but anyway how will you know it's not literally \x07? Would we then escape the backspace? Either way we do it add some confusion. Take "se\x07cret ninja\b\b\b\b\b " for example. An alternative is to (either optionally or under certain conditions - or always) add a hex-dump of it: root secret 73650763726574206e696e6a6108080808082020202020 A string like "se\gcret ninja\b\b\b\b\b " would be easier to digest but hex output is the least ambiguous. On a side note, I have considered using/adding hex in the .pot file. It's a canonical way to solve the problem with encodings. Especially the cases of -enc:raw or when encoding was incorrectly specified. This may eg. result in printing Щ instead of Ö but you'll know afterwards it was literally \x99 hex. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.