Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Jul 2011 16:14:09 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: John Test Suite v1.03 released

A new version of John Test Suite (v1.03) has been released. This version is
much more comprehensive than prior versions.  The dictionary files the
hashes were created with contains many garbage entries, binary data, very
long lines, etc, etc.  These have turned up numerous issues in some existing
formats.  Also the -utf8 support is now tested in a more robust manner.

 

The test suite is found on the wiki. Right now, it can be found at the
bottom of this page:

 

http://openwall.info/wiki/john/patches

 

I am also working on a wiki page, specifically for the test suite.  That is
still a work in progress.  It is as
http://openwall.info/wiki/john/test-suite 

 

This version the test suite, is released as a single tarball.  There is no
update.  All of the input files are 'new' and thus an update does not make
sense.   

 

To install and use the test suite:

 

1.       Download the tarball  (it's pretty big, 5.3mb compressed)

2.       Untar into a new directory.

3.       Edit the ./tstall script file, and change one of the first few
lines, to tell the script where john exists:  That line is the JOHN_PATH=
line.

4.       A few systems may need the JOHN_EXE= line changed (some windows
builds may need john.exe listed).

 

Now, simply run ./tstall script.  It will perform a check of john, and auto
detect if this is a 'jumbo' build, or if this is the 'core' build (core is
1.7.8 vs jumbo of 1.7.8-jumbo-2, etc).  The script will run the appropriate
tests, depending upon if the john is a 'core' or a 'jumbo' build.

 

The tests are now 'double' run (a test, and a validation). The first test
uses one of the 2 provided wordlist files.  The second test, will then cut
the found words from the john.pot (tst.pot) file, and create a new temporary
dictionary file with them.  The script then reruns john using this temporary
dictionary file.  This validates that the data written into john.pot file is
valid. This secondary validation did turn up some issues, especially with a
few-utf8 formats.

 

 

Also released is the set of dictionaries, the set of script files, perl
script (pass_gen.pl), some helper .C files, etc, which were used to generate
the John_test_Suite input hash files.  Thus, these hash files can be
re-constructed, and should show anyone that is interested, just what was
done to produce the test suite input files.  This 'creation' project is also
located on the same 'patches' wiki page where the 1.03 test suite is found:
http://openwall.info/wiki/john/patches

 

 

There will be a patch to john being released shortly that corrects several
issues found during the making of this test suite update.

 

 

Jim.


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.