Date: Thu, 6 Dec 2018 03:18:11 +0100 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Rule bug in John proper Hi magnum, On Wed, Dec 05, 2018 at 10:46:16PM +0100, magnum wrote: > While auditing rules for performance, I found a minor bug in john.conf > stemming from non-Jumbo: > > # mary -> marie > -[:c] <* (?\p1[za] \p1[lc] )y omi $e Here we require with the "<*" command that there's room to add one character. If not, we don't(?) want to try e.g. "mari" instead of "mary", which would be redundant with simpler overstrike rules - but then we don't appear to have those in the same ruleset, so this is arguably a bug (add overstrike rules to there or use "<+" here). Also, there are two distinct cases: a hash type genuinely having a low length limit (then it makes sense to try a truncated password, e.g. "ladymari" against descrypt) vs. a user requesting a low length limit (jumbo's "--max-length=8", in which case I think jumbo's own code would reject the string "ladymarie" after this rule has wasted a bit of time processing it). As I understand, we currently have means to distinguish these cases inside jumbo (we even have a format flag indicate whether its length limit is genuine or implementation-specific), but not from rules. Maybe that's too much detail to bother with in rules, but you said you were "auditing rules for performance" and this is relevant. > # marie -> mary > -[:c] <* (?\p1[za] \p1[lc] )e \] )i val1 oay > > The last line should use `<+` instead. The current rule will reject > words that would (barely) fit in max_length. Thanks. It's actually trickier than that. I think the check was off by 2 (and my testing confirms that), and this is a proper fix: # marie -> mary -[:c] (?\p1[za] \p1[lc] )e \] <+ )i val1 oay Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.