Date: Tue, 8 Sep 2015 10:57:23 -0500 From: JimF <jfoug@....net> To: john-dev@...ts.openwall.com Subject: Re: auditing our use of FMT_* flags On 9/8/2015 10:42 AM, Kai Zhao wrote: > Since JimF has add the flag for MediaWiki, PHPS and PHPS2, I think I > should add these formats to whitelist. Maybe also includes > dynamic=md5($p). Should I ? > https://github.com/magnumripper/JohnTheRipper/commit/cc5ae475bad53ca46b9c74a82848bc86c6b9c314 Is the @dynamic@ also a problem format. It should NOT be white listed. The way that dynamic was written, ANY hash that uses hex for the hash string will automatically get that bit set within the call to init() The bug comes (as I have been made aware), of usage of the 'minimal' format structure prior to the time that init() is called. Thus, if you are seeing any dynamic hashes that trip this issue, then they are buggy and need fixed. When you find these, please make sure to cc me personally about the problems, thank you. Jim.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.