Date: Fri, 6 Nov 2009 09:56:41 -0600 From: "JFoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: A couple broken formats from jumbo-2 The MMX/SSE builds of mssql and mssql05 are broken. I found this, when I changed the testing code in format.c from format->methods.set_salt(salt); format->methods.set_key(current->plaintext, index); to the 'proper' order of: format->methods.set_key(current->plaintext, index); format->methods.set_salt(salt); The thing 'broken' within mssql_fmt and mssql05_fmt are that in the MMX builds, the set_key() function is loading the key into the input buffer, and then loading the salt. However, during normal running, john sets all the keys, and then repeatedly, calls set_salt/crypt_all ... set_salt/crypt_all .... until all salts have been handled. Thus, as written, the mssql formats in MMX will only find a random password here and there, due to not properly setting the salts. I have seen this in example: Loaded 13 password hashes with 13 different salts (MS-SQL [ms-sql]) FOO () BAR () CANARD () LAPIN () guesses: 4 time: 0:00:00:00 100.00% (ETA: 11/06/09 09:38:46) c/s: 46000 trying: Loaded 13 password hashes with 13 different salts (MS-SQL [ms-sql SSE2]) BAR () I took the 4 test formats, and built a file with more of them (but corrupted the other lines with 'wrong' numbers). I also spread out the 'real' data throughout the file, and ran it. The password file only contained the 4 passwords. The correct way the format HAS to be, is that set_key() sets the key (it can load it into the intput buffer in MMX format). However, at crypt_all, the salt has to be loaded. It IS loaded for the non-SSE code, but not for SSE. I have not made this change yet. I will not make this part of the -after-jumbo patch set I am working on. It certainly is it's own stand alone, and probably should be part of a jumbo-3. I can easily get the code 'right', and submit a stand alone patch for this, but it is not on my priority. Jim.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.