Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <BLU0-SMTP40347B0F5E241F1FB5671EDFDEA0@phx.gbl>
Date: Mon, 2 Jul 2012 21:42:13 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: I think I got it

On 07/02/2012 09:23 PM, magnum wrote:
> On 2012-07-02 19:14, Frank Dittrich wrote:
>> I think we really need to construct the input dictionary more carefully,
>> and we need to make sure the test cases contain passwords that are close
>> to the max. password length that the format claims to support.
> 
> Yes, we discussed that off-list (sorry!) already. We have some GPU
> formats too that are currently not tested right up to their max lengths.

And o catch cases of overwritten buffers, we need to use extra long
passwords not just at random positions, but close to the start/end of
MAX_KEYS_PER_CRYPT buffers, for various (sensible) MAX_KEY_PER_CRYPT sizes.

For

$ ./john --list=build-info
Version: 1.7.9-jumbo-6+unstable
Build: linux-x86-clang
Arch: 32-bit LE
$JOHN is ./
Rec file version: REC3
CHARSET_MIN: 32 (0x20)
CHARSET_MAX: 126 (0x7e)
CHARSET_LENGTH: 8
Compiler version: 4.2.1 Compatible Clang Compiler
gcc version: 4.2.1
clang version: 2.9 (tags/RELEASE_29/final)

the distribution is:

$ ./john --list=format-all-details |grep "Max. keys"|sort|uniq -c|sort -nr
     51 Max. keys per crypt             	1
     42 Max. keys per crypt             	128
     13 Max. keys per crypt             	4
     10 Max. keys per crypt             	16
      6 Max. keys per crypt             	256
      3 Max. keys per crypt             	96
      3 Max. keys per crypt             	64
      2 Max. keys per crypt             	8192
      2 Max. keys per crypt             	512
      2 Max. keys per crypt             	12
      1 Max. keys per crypt             	40
      1 Max. keys per crypt             	32
      1 Max. keys per crypt             	2304
      1 Max. keys per crypt             	2
      1 Max. keys per crypt             	170

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.