Date: Wed, 17 Jan 2007 21:11:07 +0300
From: Solar Designer <>
Subject: Re: New NT patch

On Wed, Jan 17, 2007 at 07:11:35AM -0800, Alain Espinosa wrote:
> I make this patch for 32 bit platform but I am sure it's easy to modify
> to work in all platform supported by john. The patch works in:
> linux-x86-sse2:
> linux-x86-mmx:
> linux-x86-any:
> win32-cygwin-x86-sse2:
> win32-cygwin-x86-mmx:
> win32-cygwin-x86-any:
> Modify the makefile if you want to try other platform.

I think that you should be adding NT_fmt.c to JOHN_OBJS_MINIMAL (just in
one place for all targets), not to JOHN_OBJS with individual targets.

More importantly, the code in NT_fmt.c is buggy - the get_hash_*() and
binary_hash_*() functions are not supposed to return values that are out
of range for the corresponding hash table sizes.  I am immediately
getting a segfault when I run this on an actual password file.  I'm not
sure why the self-test passes; I might need to find that out and enhance
the self-test.

Also, there are two places in NT_fmt.c that assume a recent C compiler
that allows intermixed code and variable declarations.  I suggest that
you fix those to enable compilation e.g. with gcc 2.95.  One of them is
the "unsigned long *t" declaration in the middle of get_binary() and the
other is the saved_plain assignment before variable declarations in

I did not check whether there are possibly other bugs.

Finally, this patch does not include support for reading PWDUMP output
files.  There was a loader.c hack for that - please extract it from

> my computer: Celeron 3.00GHz
> ----------------------------------------------------------
> patch             linux-x86-any     linux-x86-sse2
> ----------------------------------------------------------
> NT all patch      1200K             1200K
> Simon NT patch    1800K             4800K
> this patch        6200K             6200K

This is quite impressive.  I didn't think that the old C code was _that_
unoptimal (for pure C code, that is).  However, we need to prove this
new performance with actual JtR runs - which doesn't work for me yet.

When you post a new revision of the patch, please call it
john-1.7.2-ntlm-alainesp-1.diff (and so on, increasing the "-1" suffix).
And please post it uncompressed - it's small enough and this makes a
difference for some web-based mailing list archives.

Thank you!

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments
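
Added example, not part of the original message or of the John the Ripper source: a stand-alone C sketch of the range requirement described above for get_hash_*() and binary_hash_*(), with a check that reports the first hash level whose return value would index past its table. The table sizes, type names, function names and sample values are assumptions constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed sizes of the three hash tables (hypothetical, for illustration). */
static const unsigned int table_size[3] = { 0x10, 0x100, 0x1000 };

/* Constructed stand-in for a 16-byte binary hash, viewed as 32-bit words. */
typedef struct { uint32_t w[4]; } binary_t;
typedef int (*hash_fn)(const binary_t *);

/* In range: each level masks the first word down to its table size. */
static int hash_0(const binary_t *b) { return (int)(b->w[0] & 0xF); }
static int hash_1(const binary_t *b) { return (int)(b->w[0] & 0xFF); }
static int hash_2(const binary_t *b) { return (int)(b->w[0] & 0xFFF); }

/* Out of range: returns the word unmasked, so it can index past any table. */
static int raw_word(const binary_t *b) { return (int)b->w[0]; }

static const hash_fn masked_fns[3] = { hash_0, hash_1, hash_2 };
static const hash_fn unmasked_fns[3] = { raw_word, raw_word, raw_word };

/* Constructed samples; the second has high bits set in its first word. */
static const binary_t samples[2] = {
    { { 0x00000003u, 0, 0, 0 } },
    { { 0x12345678u, 0, 0, 0 } },
};

/* Returns the first level whose value falls outside its table, or -1. */
int first_bad_level(const hash_fn fns[3], const binary_t *s, size_t n)
{
    int level, v;
    size_t i;

    for (level = 0; level < 3; level++)
        for (i = 0; i < n; i++) {
            v = fns[level](&s[i]);
            if (v < 0 || (unsigned int)v >= table_size[level])
                return level;
        }
    return -1;
}

int main(void)
{
    printf("masked:   %d\n", first_bad_level(masked_fns, samples, 2));
    printf("unmasked: %d\n", first_bad_level(unmasked_fns, samples, 2));
    return 0;
}
```

With only the first constructed sample, the unmasked functions pass this check, so the sample set has to include values with high bits set.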
