Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 12 Jun 2013 23:57:41 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Resume for KDEPaste external mode

On 12 Jun, 2013, at 23:45 , magnum <john.magnum@...hmail.com> wrote:
> KDEPaste lacks a restore() function. If you resume it, it will just restart from scratch. My first question is: Should this not be detected and resulting in refusal to resume? Or could some modes work fine without a resume() function? I guess some could... but at least we should warn or something?

On second thought I really think it should bail out with error. Modes that don't really need any special code should implement a dummy restore(). I will try implementing this in Jumbo and see where it goes but it should be in core too IMHO.

> Second, I tried to implement a restore() for it. As the only thing we know is the last generated word, I can't see any better way to do it than stupidly re-generating all candidates until that word is found. This will be very ineffective (bordering useless for fast hashes) but disregarding that, it doesn't work at all. Here's my current code, it hangs forever. Can anyone see why?

Never mind that, I found it.

> 		while (i < password_length) {
> 			rand_seed = rand_seed * 1103515245 + 12345;
> 			rand_result = (rand_seed >> 16) & 2047;
> 
> 			rand_seed = rand_seed * 1103515245 + 12345;
> 			rand_result <<= 10;
> 			rand_result ^= (rand_seed >> 16) & 1023;
> 
> 			rand_seed = rand_seed * 1103515245 + 12345;
> 			rand_result <<= 10;
> 			rand_result ^= (rand_seed >> 16) & 1023;
> 
> 			if (charset[rand_result % charset_length] != word[i])

The word[i] should be word[i++] in the line above.

> 				break;
> 		}

I think I'll commit this.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.