Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120618230357.GA15367@openwall.com>
Date: Tue, 19 Jun 2012 03:03:57 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: avoid cracked[] arrays (was: wbb3_fmt_plug.c is broken)

Dhiru -

On Tue, Jun 19, 2012 at 02:25:09AM +0400, Solar Designer wrote:
> wbb3_fmt_plug.c is broken in terms of supporting multiple hashes per
> salt.  It only supports exactly one hash per salt.  That is, if there
> are any matching salts, it will misbehave.  Additionally, it does not
> provide binary(), nor the hash functions, so loading may be slow.
> 
> You're using your approach learned on non-hashes almost universally now,
> but it is a hack that should only be used when you actually have to.
> When you implement support for "normal" hashes, please use JtR's
> interfaces the way they were supposed to be used, without this hack.
> 
> Will you fix this one format, please?

Actually, the same problem is present in almost(?) all of your formats.
I think the majority of them did not have to use this hack.  Even things
like VNC and SIP can probably be implemented without this hack.  Can you
please correct them all?  Please start with normal hashes
(wbb3_fmt_plug.c, racf_fmt_plug.c, episerver_fmt_plug.c, django_fmt.c),
then proceed with other stuff (anything that has the cracked[] array is
a candidate for a fix, if at all possible).

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.