Message-ID: <CABtNtWFakQgcH3qQ6JY4FT5KE-K-_FS47zXUx+PAEi_FVh9V+g@mail.gmail.com>
Date: Sat, 22 Aug 2015 10:29:55 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing every index (Re: more robustness)

Hi Alexander,

On Sat, Aug 22, 2015 at 9:45 AM, Solar Designer <solar@...nwall.com> wrote:
>
> Why do you exclude the VNC format from the cmp_one() test?  This looks
> wrong to me.  I mean this:
>
> if (format->methods.cmp_one(binary, i) && strcmp(format->params.label, "VNC"))

VNC is special. When I test a wrong password, it seldom changes crypt_out[index],
which is used by cmp_all() and cmp_one(). This introduces a problem: once you
test a correct password, cmp_one() will return 1 when you test incorrect
passwords. Is this a bug?

static int crypt_all(int *pcount, struct db_salt *salt)
{
        const int count = *pcount;
        int index = 0;

#ifdef _OPENMP
#pragma omp parallel for
        for (index = 0; index < count; index++)
#endif
        {
                int i;
                DES_cblock des_key;
                DES_key_schedule schedule;
                DES_cblock ivec;
                unsigned char encrypted_challenge[16] = { 0 };
                /* process key */
                for(i = 0; i < strlen((const char*)saved_key[index]); i++)
                        des_key[i] = bit_flip[ARCH_INDEX(saved_key[index][i])];
                memset(ivec, 0, 8);
                DES_set_key_unchecked(&des_key, &schedule);
                /* do encryption */
                DES_cbc_encrypt(cur_salt->challenge, &encrypted_challenge[0], 8, &schedule, &ivec, DES_ENCRYPT);
                if(memcmp(encrypted_challenge, cur_salt->response, 8) == 0) {
                        DES_cbc_encrypt(&cur_salt->challenge[8], &encrypted_challenge[8], 8, &schedule, &ivec, DES_ENCRYPT);
                        if(memcmp(encrypted_challenge, cur_salt->response, 16) == 0)
                                memcpy((unsigned char*)crypt_out[index], encrypted_challenge, 16);
                }
                }
        }
        return count;
}
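
The stale-result behaviour described in this message, reproduced as an added example that is not part of the original post and is not John the Ripper code. `toy_encrypt()` is a hypothetical stand-in for the DES challenge encryption, the keys and challenge are constructed, and `crypt_store_always()` is one assumed way to keep `crypt_out[index]` in step with the current candidate.

```c
#include <stdio.h>
#include <string.h>

#define OUT_LEN 16

/* Constructed challenge bytes; crypt_out has a single slot (index 0). */
static const unsigned char challenge[OUT_LEN] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static unsigned char crypt_out[1][OUT_LEN];

/* Hypothetical stand-in for the DES step (NOT DES). key must be non-empty. */
static void toy_encrypt(const char *key, unsigned char *out)
{
    size_t klen = strlen(key), i;
    for (i = 0; i < OUT_LEN; i++)
        out[i] = (unsigned char)(challenge[i] ^ (unsigned char)key[i % klen] ^ (i * 31));
}

/* Pattern from the post: crypt_out[index] is written only when the key matches. */
static void crypt_store_on_match(int index, const char *key, const unsigned char *response)
{
    unsigned char enc[OUT_LEN];
    toy_encrypt(key, enc);
    if (memcmp(enc, response, OUT_LEN) == 0)
        memcpy(crypt_out[index], enc, OUT_LEN);
}

/* Assumed alternative: always store, so the slot reflects the current key. */
static void crypt_store_always(int index, const char *key)
{
    toy_encrypt(key, crypt_out[index]);
}

static int cmp_one(const unsigned char *binary, int index)
{
    return memcmp(binary, crypt_out[index], OUT_LEN) == 0;
}

/* Try the correct key, then a wrong key, in slot 0; return cmp_one() afterwards. */
static int wrong_key_matches(int store_always)
{
    const char *keys[2] = { "secret", "wrong" };  /* constructed candidates */
    unsigned char response[OUT_LEN];
    int k;
    memset(crypt_out, 0, sizeof(crypt_out));
    toy_encrypt("secret", response);              /* constructed expected response */
    for (k = 0; k < 2; k++) {
        if (store_always) crypt_store_always(0, keys[k]);
        else crypt_store_on_match(0, keys[k], response);
    }
    return cmp_one(response, 0);
}

int main(void)
{
    printf("store on match: %d\n", wrong_key_matches(0));
    printf("store always:   %d\n", wrong_key_matches(1));
    return 0;
}
```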
