Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120116194730.GA21118@openwall.com>
Date: Mon, 16 Jan 2012 23:47:30 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Recent CVS patches

On Mon, Jan 16, 2012 at 08:36:23PM +0100, magnum wrote:
> There is now such a branch on GutHub. There are a couple of issues that
> popped up due to the new alignments and self tests. This is probably a
> good thing and I'll look into them but right now I don't really get how
> things are supposed to go together. Take for example BFEgg:
> 
> It fails with "FAILED (binary)" because the binary is misaligned. But
> that is because fmt_default_binary just pass the ciphertext pointer, so
> if something is misaligned it's not because of BFEgg - or is it? And
> who/what says BFEgg needs alignment in the first place? I believe it
> doesn't.

You seem to be right.  The alignment requirements in the self-tests in
the current CVS tree are too strict.

binary_hash*() often requires alignment, so this requirement is now
being imposed on binary()'s return value, which the loader may pass
directly into binary_hash*().  However, BFEgg's binary_hash*() does not
have this requirement.

How do you suggest we deal with this?  Introduce FMT_* flags that tell
the self-tests that misalignment of binary and/or salt is OK?  Or simply
drop this test for all?

I primarily wanted to introduce a test that the declared sizes are
sufficient.  I had a bug in a revision of trip_fmt.c where the declared
BINARY_SIZE was smaller than what the code actually relied on, and this
bug was not detected by self-tests prior to my recent changes to them.
So I introduced memory allocations and memcpy() just to the declared
size, and while I was at it I also introduced those alignment tests.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.