Message-ID: <8a92da5d830f8718c370ffed3c5912e7@smtp.hushmail.com>
Date: Sun, 20 Jan 2013 12:05:21 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: More self-tests added

On 20 Jan, 2013, at 11:54 , magnum <john.magnum@...hmail.com> wrote:
> I committed the following to unstable now:
> 
> "Add self-tests that fail if you have a binary size > 0 but are using fmt_default_binary() - and a similar test for salt. I believe this does not emit any false positives but I'm not 100% sure yet."
> 
> It hits 12 formats (not counting GPU ones), most are Dhiru's. Very easy fixes, just reset the size in question to 0 (after verifying this is a correct fix).
> 
> For a format that does not use salt, you should obviously report a SALT_SIZE of 0, and for non-hash "salt only" formats, you should report a BINARY_SIZE of 0.
> 
> If you find any false positive or otherwise think this is flawed, please complain. I think the binary case might theoretically produce false positives for some non-existing format, but I believe the current ones that fail are actually bugs.

OK, I was wrong (and right). The first failing format, Eggdrop Blowfish, actually uses fmt_default_binary with a BINARY_SIZE of 13 and this is correct. However, it could/should be changed because it converts all candidate hashes to base64 instead of the other way round.

Unless I find a quick way to improve Eggdrop, I will revert that part (and keep the salt test for now) but I think we'll need to verify BINARY_SIZE of the following formats:

Benchmarking: KeePass SHA-256 AES [32/64 CommonCrypto]... FAILED (BINARY_SIZE)
Benchmarking: Apple DMG PBKDF2-HMAC-SHA-1 3DES / AES [32/64]... FAILED (BINARY_SIZE)
Benchmarking: Mac OS X Keychain PBKDF2-HMAC-SHA-1 3DES [32/64]... FAILED (BINARY_SIZE)
Benchmarking: GNOME Keyring iterated-SHA256 AES [32/64]... FAILED (BINARY_SIZE)
Benchmarking: Oracle O5LOGON protocol [32/64]... FAILED (BINARY_SIZE)
Benchmarking: PKZIP [32/64]... FAILED (BINARY_SIZE)
Benchmarking: SIP MD5 [32/64]... FAILED (BINARY_SIZE)
Benchmarking: LastPass sniffed sessions PBKDF2-HMAC-SHA-256 AES [32/64]... FAILED (BINARY_SIZE)
Benchmarking: ssh-ng SSH RSA / DSA [32/64]... FAILED (BINARY_SIZE)
Benchmarking: STRIP Password Manager PBKDF2-SHA1 [32/64]... FAILED (BINARY_SIZE)
Benchmarking: WinZip PBKDF2-HMAC-SHA-1 [32/64]... FAILED (BINARY_SIZE)

magnum
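
A minimal model of the check discussed in this message, added here as an illustration and not taken from the John the Ripper source: `struct format`, `default_binary`, `default_salt`, `check_sizes` and the sample entries are hypothetical stand-ins. The last sample reproduces the Eggdrop case from the message, where a non-zero size with the default method is intentional but is still flagged.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified format descriptor (not JtR's real struct). */
struct format {
    const char *label;
    int binary_size, salt_size;
    void *(*binary)(char *ciphertext);
    void *(*salt)(char *ciphertext);
};

/* Stand-ins for the default methods: no decoding, input returned as is. */
static void *default_binary(char *c) { return c; }
static void *default_salt(char *c) { return c; }

/* Stand-ins for format-specific decoders; the bodies do not matter here. */
static void *custom_binary(char *c) { static unsigned char b[16]; (void)c; return b; }
static void *custom_salt(char *c) { static unsigned char s[8]; (void)c; return s; }

/* Returns the name of the failing test, or NULL if sizes and methods agree. */
static const char *check_sizes(const struct format *f)
{
    if (f->binary_size > 0 && f->binary == default_binary)
        return "BINARY_SIZE";
    if (f->salt_size > 0 && f->salt == default_salt)
        return "SALT_SIZE";
    return NULL;
}

/* Constructed sample formats. */
static const struct format samples[] = {
    { "salt-only, size not reset", 16, 8, default_binary, custom_salt },
    { "salt-only, size reset to 0", 0, 8, default_binary, custom_salt },
    { "unsalted, salt size not reset", 16, 4, custom_binary, default_salt },
    { "compares encoded text (Eggdrop-like)", 13, 0, default_binary, default_salt },
};

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *r = check_sizes(&samples[i]);
        printf("%s... %s%s%s\n", samples[i].label,
               r ? "FAILED (" : "PASS", r ? r : "", r ? ")" : "");
    }
    return 0;
}
```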
