Date: Sat, 22 Aug 2015 04:45:42 +0300 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: testing every index (Re: more robustness) Kai, On Sat, Aug 22, 2015 at 12:37:49AM +0800, Kai Zhao wrote: > Here is a new patch which supports: all correct, all incorrect, even index > correct, odd index correct, even hash(i) correct, and odd hash(i) correct. > > https://github.com/loverszhaokai/JohnTheRipper/commit/fb4661e51779c28bb8e2d1a87283a92e172f8025 > > Is there any problems ??? In addition to the questions/issues I posted separately: You don't appear to fully test the incorrect password indices. You only check cmp_all() for those. You should be checking cmp_one() and cmp_exact() as well, just like you do for the correct password indices, but expecting the opposite result. You may also check the largest get_hash(). (False positives are too likely for smaller sizes, but 27-bit should be good enough.) Why do you exclude the VNC format from the cmp_one() test? This looks wrong to me. I mean this: if (format->methods.cmp_one(binary, i) && strcmp(format->params.label, "VNC")) Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.