Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Jul 2011 09:21:48 +0200
From: Jean-Michel PICOD <jm@...izoku.org>
To: john-users@...ts.openwall.com
Subject: Re: md5_gen ... again

Ok, I'll try that.

If it can help you, the previous version of john (1.7.7 + jumbo + other
patches) with the patch you gave me for salts beginning with "$" and "$$"
was working great with formats using the userid such as the one I gave on
the mailing list.
Before scripting it to the conf file, I used to maintain a thin format
linking to md5_gen functions and those one are still working.


J-Michel


2011/7/21 jfoug <jfoug@....net>

> I did list (within code) that this would happen.  This exact case.
>
>                // this code is BROKEN in the case where we have a 'simple'
> salt, that starts with a '$'
>                // character.  For now, I will simply comment these out, and
> they should work fine.  NOTE, this
>                // will break complex salts, which do not start with a
> 'normal' salt.  Something like
>                // $$Uuser will now fail (if that is the entire salt).  But
> at this time, there are no 'canned'
>                // formats that use that, so this patch will work around the
> problem, giving me some time to
>                // address this for the 'complex' salt case, in a later
> version of md5_gen.
> //              if (ciphertext[curdat.md5_gen_SALT_OFFSET] == '$')
> //                      strnzcpy(Salt,
> &ciphertext[curdat.md5_gen_SALT_OFFSET-1], SALT_SIZE);
> //              else
>
>
> Thus what is happening, is you have no 'valid' salt  What you have in the
> salt 'field' is $$U1234  But due to some other fixes I added, this is
> failing.
>
> At this time, until I spend more time coming up with a more generic 'fix',
> I
> would sugest that you build the format this way:
>
> [List.Generic:md5_gen(1400)]
> Expression=md5($s.:asterisk:.$p) [Asterisk SIP]
> Flag=MGF_SALTED
> Func=MD5GenBaseFunc__clean_input
> Func=MD5GenBaseFunc__append_salt
> Func=MD5GenBaseFunc__append_input1_from_CONST1
> Func=MD5GenBaseFunc__append_keys
> Func=MD5GenBaseFunc__crypt
> CONST1=:asterisk:
> Test=md5_gen(1400)4a8e71480c5b1ef0a5d502a8eb98576a$1234:abcd
>
>
> Yes, I know that is not a 'fix', but I am not going down the knee jerk fix
> in the salts until I have a better chance to dig deeper, and get it
> 'right'.
>
> Jim.
>
> >-----Original Message-----
> >From: jm@...izoku.org [mailto:jm@...izoku.org] On Behalf Of Jean-Michel
> >Sent: Wednesday, July 20, 2011 6:27 PM
> >To: john-users@...ts.openwall.com
> >Subject: [john-users] md5_gen ... again
> >
> >I upgraded from john 1.7.7 to john 1.7.8 with all patches applied.
> >
> >On x64 build, the patch john-1.7.8-jumbo-2after-MSCash2-many-fixes-
> >1.diff
> >made some of my md5_gen configuration scripts to fail.
> >
> >It seems that having the flag MGF_USERNAME without MGF_SALTED breaks the
> >format.
> >
> >For example, for Asterisk SIP secret hashes, I have :
> >
> >[List.Generic:md5_gen(1400)]
> >Expression=md5($u.:asterisk:.$p) [Asterisk SIP]
> >Flag=MGF_USERNAME
> >Func=MD5GenBaseFunc__clean_input
> >Func=MD5GenBaseFunc__append_userid
> >Func=MD5GenBaseFunc__append_input1_from_CONST1
> >Func=MD5GenBaseFunc__append_keys
> >Func=MD5GenBaseFunc__crypt
> >CONST1=:asterisk:
> >Test=md5_gen(1400)4a8e71480c5b1ef0a5d502a8eb98576a:abcd:1234
> >
> >This function fails at get_hash[0](0)
>
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.