Date: Wed, 13 Jul 2011 17:17:47 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: John 1.7.8-jumbo-2  Patch to fix multiple formats (and to add upcase/downcase unicode support).

On the wiki page, an update which goes along with the release of the 1.03
John_Test_Suite has been released. This patch file adds support for
‘proper’ upcasing and lowercasing of Unicode data.  Also there are many
fixes to numerous formats, to ‘fix’ the problems found using the test suite.

This patch is found on the John wiki, at:
http://openwall.info/wiki/john/patches

Here is a list of changes:

- Proper upper and lowercase of Unicode handled (pretty complex). Oracle and
mssql hashes would NOT work properly without this. 
- many small fixes in md5_gen, mostly to restrict sizes of passwords, and
salts. Also fixed bugs like the $ and $$ in salt bug. 
- changed the interface of the utf16toutf8 unicode.c function, to be 'thread
safe'. 
- fixed a few portability bugs (john.c and Sybase_fmt) dealing with VC
builds. 
- john.c also has to call initUnicodeCase() during startup. The upcasing can
be used, even if NOT running in -utf8 mode. 
- A new 'UnicodeData.h' file was generated. There is also a 'project' to
generate this file from the unicode.org data files 
- The upcasing in unicode.c can be used to strupr/strlwr ansi data also. It
allows changing case of Niña into NIÑA. This has not yet been placed 'into'
john, but we now can do this (extern, rules, etc).
- mscash1 would crash for user names longer than 19 bytes. It now 'handles'
them. NOTE, it does not find hashes with user names of 20 to 22 bytes, but
this will be changed in the future. 
- the cash2 was not finding 22 byte user names (did not crash, just did not
find them) 
- Big fixes to mssql and oracle formats. Now properly works upcasing etc.
Binary data, utf8 data works. Also, properly working on Big Endian systems.
These formats are a little more difficult, since they require upcasing
Unicode data. 
- SQL05. Fixed a 'possible' memory overwrite (worst case utf8 conversion
scenario). 
- Reduced max PW len for PHPass format, to what can be handled.
- Fixed some 'possible' buffer overflows in Raw_MD5_Unicode format.

Jim.
