Message-ID: <BLU0-SMTP113D9381624997CBFF91EF6FD3F0@phx.gbl>
Date: Fri, 28 Dec 2012 17:56:18 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Formats dmg, encfs and strip crash on longer passwords

All three formats claim to support a maximum password length of 32, but
if you try to use a word list with longer passwords, they all segfault
(at least on my 32-bit Linux system).

$ ./john encfs --wordlist=test-p
Loaded 4 password hashes with 4 different salts (EncFS PBKDF2 AES / Blowfish [32/32])
Segmentation fault (core dumped)

The file encfs just contains the 4 hard coded test cases from
encfs_fmt_plug.c, using the passwords as user names:

openwall:$encfs$192*181474*0*20*f1c413d9a20f7fdbc068c5a41524137a6e3fb231*44*9c0d4e2b990fac0fd78d62c3d2661272efa7d6c1744ee836a702a11525958f5f557b7a973aaad2fd14387b4f
Jupiter:$encfs$128*181317*0*20*e9a6d328b4c75293d07b093e8ec9846d04e22798*36*b9e83adb462ac8904695a60de2f3e6d57018ccac2227251d3f8fc6a8dd0cd7178ce7dc3f
Valient Gough:$encfs$256*714949*0*20*472a967d35760775baca6aefd1278f026c0e520b*52*ac3b7ee4f774b4db17336058186ab78d209504f8a58a4272b5ebb25e868a50eaf73bcbc5e3ffd50846071c882feebf87b5a231b6
Alo3San1t@...s:$encfs$256*120918*0*20*e6eb9a85ee1c348bc2b507b07680f4f220caa763*52*9f75473ade3887bca7a7bb113fbc518ffffba631326a19c1e7823b4564ae5c0d1e4c7e4aec66d16924fa4c341cd52903cc75eec4

File test-p just contains a single password.
In this case, even a password of length 21 causes john to segfault:

123456789012345678901

For strip (the single test case from strip_fmp_plug.c), even a password
of length 19 causes a segfault.

For dmg, with the shortest test vector, even a password of length 18
causes a segfault:

vilefault:$dmg$1*20*9c82b419bdac1b3e6b71f8a6b99a7501f34b6950*40*5da479e292e0acf67a9fa3e24d0a767cae2f645ff63836665068637188f4b80295de79aabdbc2536*48*9b136165ee73418631ccf28d5e77073788ae921df596649a7a7789585db0f13f446d5927967e2ede20ce8a4f5389185d

For me, this looks like a systematic error in Dhiru's formats.
Unfortunately, if I build a debug version, the error disappears.

Should this information be added to a new wiki page under "Issues/bugs
needing a look"?
Currently, the "Wish-list for JtR" has a link to "Formats with
problems", but the page is named JtR-valid-bugs, and I don't think these
segfaults are caused by bugs in valid().

Frank
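
The reproduction steps in the message above can be automated to find the shortest crashing length below a format's declared maximum. This script is an added example, not part of the original post and not John the Ripper code; `make_candidate`, `first_crash_len` and `fake_cracker` are hypothetical names, and `fake_cracker` is a constructed stand-in so the script runs without a john build.

```shell
#!/bin/sh
# Added example: probe candidate lengths 1..MAX, one run per length, and
# report the first length at which the command is killed by a signal.

# make_candidate N: first N characters of the digit pattern used in the
# report (N=21 gives 123456789012345678901).
make_candidate() {
    mc_i=1; mc_out=""
    while [ "$mc_i" -le "$1" ]; do
        mc_out="$mc_out$(( $mc_i % 10 ))"
        mc_i=$(( $mc_i + 1 ))
    done
    printf '%s' "$mc_out"
}

# first_crash_len MAX CMD [ARGS...]
# Calls CMD ARGS... WORDLIST with a one-line word list for each length.
# Prints the first length whose exit status is above 128 (death by signal,
# 139 = SIGSEGV on Linux), or 0 if every length up to MAX survives.
first_crash_len() {
    fc_max=$1; shift
    fc_wl=$(mktemp) || return 2
    fc_n=1; fc_hit=0
    while [ "$fc_n" -le "$fc_max" ]; do
        printf '%s\n' "$(make_candidate "$fc_n")" > "$fc_wl"
        fc_rc=0
        "$@" "$fc_wl" >/dev/null 2>&1 || fc_rc=$?
        if [ "$fc_rc" -gt 128 ]; then fc_hit=$fc_n; break; fi
        fc_n=$(( $fc_n + 1 ))
    done
    rm -f "$fc_wl"
    echo "$fc_hit"
}

# Constructed stand-in for the cracker so the script runs offline: it kills
# itself with SIGSEGV when the candidate has 21 or more characters.
fake_cracker() {
    read -r fk_line < "$1"
    if [ "${#fk_line}" -ge 21 ]; then sh -c 'kill -s SEGV $$'; fi
}

# Against a real build, wrap the command line from the report instead:
#   run_john() { ./john encfs --wordlist="$1"; }
#   first_crash_len 32 run_john
```

A result other than 0 for a MAX of 32 means the format crashes on input it advertises as supported, which is the condition the report describes.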