Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 20 Aug 2015 12:03:23 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: JtR encoding help needed

On 2015-08-20 10:08, Shinnok wrote:
>> On Aug 18, 2015, at 11:37 PM, magnum <john.magnum@...hmail.com> wrote:
>> On 2015-08-18 14:23, Mathieu Laprise wrote:
>>> Shinnok want to indicate non-printable or control chars in Johnny's
>>> Password field for core and jumbo. We're not really experimented with
>>> encoding. How does JtR prints ascii control chars in john --show ?
>>
>> It just prints them. A tab is printed as a tab, an \x07 might ring a bell. It's normally not an issue since no-one has them in real passwords.
>
> I think Frank asked for this in one of his Johnny reviews? Frank, have you ever encountered non-printable ASCII in passwords, maybe just in contests?
>
> What we can do is manually substitute the ASCII non-printable and control chars with their escaped hex or octal variant. I don't think there's a smarter way of handling this.

I'd prefer hex over octal, and perhaps standard stuff like \g too when 
available but anyway how will you know it's not literally \x07? Would we 
then escape the backspace? Either way we do it add some confusion.

Take "se\x07cret ninja\b\b\b\b\b     " for example. An alternative is to 
(either optionally or under certain conditions - or always) add a 
hex-dump of it:

root secret 73650763726574206e696e6a6108080808082020202020

A string like "se\gcret ninja\b\b\b\b\b     " would be easier to digest 
but hex output is the least ambiguous.

On a side note, I have considered using/adding hex in the .pot file. 
It's a canonical way to solve the problem with encodings. Especially the 
cases of -enc:raw or when encoding was incorrectly specified. This may 
eg. result in printing Щ instead of Ö but you'll know afterwards it was 
literally \x99 hex.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.