Message-ID: <20120914231342.GA5705@openwall.com>
Date: Sat, 15 Sep 2012 03:13:42 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: "single crack" missing candidates (was: Office2john)

magnum -

On Fri, Sep 14, 2012 at 11:22:53PM +0200, magnum wrote:
> Is there any chance a very loaded GECOS field can "overwrite" the login field or otherwise screw Single mode from getting a candidate from that field?

Normally, no.

> I tried to spot any limitation on GECOS stuff other than LINE_BUFFER_SIZE but did not find any.

There are also LDR_WORDS_MAX and SINGLE_WORDS_PAIR_MAX, but they should not cause the behavior you're describing.

Does your copy of single.c include these lines? -

/*
 * We use "short" for buffered key indices and "unsigned short" for buffered
 * key offsets - make sure these don't overflow.
 */
	if (key_count > 0x8000)
		key_count = 0x8000;
	while (key_count > 0xffff / length + 1)
		key_count >>= 1;

Is "offset" in "struct db_keys_hash_entry" actually "unsigned short" (rather than simply "short")?

There were fairly recent fixes in this area. Without them, GPU formats with large min_keys_per_crypt settings could result in "single crack" missing candidate passwords.

Alexander
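Added example, not part of the message above and not John the Ripper source: it wraps the clamp quoted from single.c in a function and shows that the resulting key offsets fit an "unsigned short", and how many of them a plain "short" could not represent. The function names, the sample inputs, and the assumption that key i sits at byte offset i * length in the key buffer are illustrative.

```c
#include <limits.h>
#include <stdio.h>

/* The clamp quoted in the message; the wrapper name is hypothetical. */
static int clamp_key_count(int key_count, int length)
{
	if (key_count > 0x8000)
		key_count = 0x8000;
	while (key_count > 0xffff / length + 1)
		key_count >>= 1;
	return key_count;
}

/* Assumption: key i is stored at byte offset i * length in the buffer. */
static long max_offset(int key_count, int length)
{
	return (long)(key_count - 1) * length;
}

/* Number of key offsets that a signed "short" field could not represent. */
static int offsets_lost_if_signed(int key_count, int length)
{
	int i, lost = 0;

	for (i = 0; i < key_count; i++)
		if ((long)i * length > SHRT_MAX)
			lost++;
	return lost;
}

int main(void)
{
	/* Constructed inputs: { requested key_count, key length in bytes }. */
	static const int cases[][2] = {
		{ 256, 8 }, { 0x10000, 8 }, { 0x8000, 16 }, { 0x8000, 125 }
	};
	size_t n;

	for (n = 0; n < sizeof(cases) / sizeof(cases[0]); n++) {
		int len = cases[n][1];
		int kc = clamp_key_count(cases[n][0], len);

		printf("requested=%d length=%d -> key_count=%d max_offset=%ld "
		    "fits_ushort=%d lost_if_short=%d\n", cases[n][0], len, kc,
		    max_offset(kc, len), max_offset(kc, len) <= USHRT_MAX,
		    offsets_lost_if_signed(kc, len));
	}
	return 0;
}
```

The large requested counts stand in for a format with a large min_keys_per_crypt; after the clamp the highest offset stays at or below 0xffff, but only an unsigned 16-bit field can hold it.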