Date: Wed, 20 Jul 2011 20:18:32 -0500 From: "jfoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: RE: md5_gen ... again I did list (within code) that this would happen. This exact case. // this code is BROKEN in the case where we have a 'simple' salt, that starts with a '$' // character. For now, I will simply comment these out, and they should work fine. NOTE, this // will break complex salts, which do not start with a 'normal' salt. Something like // $$Uuser will now fail (if that is the entire salt). But at this time, there are no 'canned' // formats that use that, so this patch will work around the problem, giving me some time to // address this for the 'complex' salt case, in a later version of md5_gen. // if (ciphertext[curdat.md5_gen_SALT_OFFSET] == '$') // strnzcpy(Salt, &ciphertext[curdat.md5_gen_SALT_OFFSET-1], SALT_SIZE); // else Thus what is happening, is you have no 'valid' salt What you have in the salt 'field' is $$U1234 But due to some other fixes I added, this is failing. At this time, until I spend more time coming up with a more generic 'fix', I would sugest that you build the format this way: [List.Generic:md5_gen(1400)] Expression=md5($s.:asterisk:.$p) [Asterisk SIP] Flag=MGF_SALTED Func=MD5GenBaseFunc__clean_input Func=MD5GenBaseFunc__append_salt Func=MD5GenBaseFunc__append_input1_from_CONST1 Func=MD5GenBaseFunc__append_keys Func=MD5GenBaseFunc__crypt CONST1=:asterisk: Test=md5_gen(1400)4a8e71480c5b1ef0a5d502a8eb98576a$1234:abcd Yes, I know that is not a 'fix', but I am not going down the knee jerk fix in the salts until I have a better chance to dig deeper, and get it 'right'. Jim. >-----Original Message----- >From: jm@...izoku.org [mailto:jm@...izoku.org] On Behalf Of Jean-Michel >Sent: Wednesday, July 20, 2011 6:27 PM >To: john-users@...ts.openwall.com >Subject: [john-users] md5_gen ... again > >I upgraded from john 1.7.7 to john 1.7.8 with all patches applied. > >On x64 build, the patch john-1.7.8-jumbo-2after-MSCash2-many-fixes- >1.diff >made some of my md5_gen configuration scripts to fail. > >It seems that having the flag MGF_USERNAME without MGF_SALTED breaks the >format. > >For example, for Asterisk SIP secret hashes, I have : > >[List.Generic:md5_gen(1400)] >Expression=md5($u.:asterisk:.$p) [Asterisk SIP] >Flag=MGF_USERNAME >Func=MD5GenBaseFunc__clean_input >Func=MD5GenBaseFunc__append_userid >Func=MD5GenBaseFunc__append_input1_from_CONST1 >Func=MD5GenBaseFunc__append_keys >Func=MD5GenBaseFunc__crypt >CONST1=:asterisk: >Test=md5_gen(1400)4a8e71480c5b1ef0a5d502a8eb98576a:abcd:1234 > >This function fails at get_hash(0)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.