|
Message-ID: <004001cd61ff$e2326280$a6972780$@net>
Date: Sat, 14 Jul 2012 15:33:09 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: Still a bug in dynamic (27/28) J7-RC
I thought I had this nailed down, but it appears not. I think I know the
fix, and will test, and if so, get it into the release candidate on git.
form=dynamic_27 guesses: 1360 time: 0:00:00:19 : Expected
count(s) (1500) [!!!FAILED!!!]
form=dynamic_28 guesses: 1360 time: 0:00:00:19 : Expected
count(s) (1500) [!!!FAILED!!!]
$ ../run/john -list=format-all-details -form=dynamic_27
Format label dynamic_27
Max. password length in bytes 72
Min. keys per crypt 1
Max. keys per crypt 2
Flags
Case sensitive yes
Supports 8-bit characters yes
Converts 8859-1 to UTF-16/UCS-2 no
Honours --encoding=NAME no
False positives possible no
Uses a bitslice implementation no
The split() method unifies case no
A $dynamic$ format yes
Number of test cases for --test 5
Algorithm name 32/32 X2 (MD5_body)
Format name dynamic_27: FreeBSD MD5
Benchmark comment
Benchmark length -1
Binary size 16
Salt size 8
The problem is the max password len Anything over 15 bytes fails. For an
asm build, this does not show up on the TS, but JtR will NOT find anything
over 15 byte password, even in TS. The reason it passes TS is because TS
does not have any hashes that require more than a 15 byte password.
The problem shows up in a generic build. In that build, x86 asm md5 is not
used, and overwrites do not happen. But in the generic builds (on this
system), something does have buffer overwrites, and a reduction in found
passwords is seen in the TS.
I think I know the problem, I will get this found and fixed shortly.
Ok, the fix has been found, and now:
$ ./jtrts.pl -b ../../john-1.7.9/jumbo-70/run dynamic_27
----------------------------------------------------------------------------
---
- JtR-TestSuite (jtrts). Version 1.12.9, July 13, 2012. By, Jim Fougeron &
others
- Testing: John the Ripper password cracker, ver: 1.7.9-jumbo-6+unstable
[generic]
----------------------------------------------------------------------------
----
form=dynamic_27 guesses: 1500 time: 0:00:00:16 [PASSED]
.pot CHK:dynamic_27 guesses: 1500 time: 0:00:00:13 [PASSED]
$ ./jtrts.pl -b ../../john-1.7.9/jumbo-70/run dynamic_28
----------------------------------------------------------------------------
---
- JtR-TestSuite (jtrts). Version 1.12.9, July 13, 2012. By, Jim Fougeron &
others
- Testing: John the Ripper password cracker, ver: 1.7.9-jumbo-6+unstable
[generic]
----------------------------------------------------------------------------
----
form=dynamic_28 guesses: 1500 time: 0:00:00:16 [PASSED]
.pot CHK:dynamic_28 guesses: 1500 time: 0:00:00:14 [PASSED]
I will get this checked in properly, but I want to get with Magnum before
doing so, to make 100% certain I have the proper procedure for doing this
correctly.
Jim.
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.