|
Message-ID: <20130503012556.GB7092@openwall.com> Date: Fri, 3 May 2013 05:25:56 +0400 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: Yet more crashes Jim - On Thu, May 02, 2013 at 04:47:26PM -0500, jfoug wrote: > Dynamic cannot be 'fixed' to be crash proof. Since any user can create any > format, bad or not, there is simply no way, unless dynamic checked every > byte written, each time, which would cripple the format. > > I could chase my tail forever, fixing specifically formatted purposeful > garbage, only to have the format still be just as open as it is today. > Anyone can create a dynamic script that crashes. Here is an example, there > are infinite number of these ;) I think it is in fact expected that dynamic formats (as well as external mode) are crashable (and more) with certain configuration file settings. However, I think it may be practical to make reasonably defined dynamic formats not crashable with bad password files (even with purposefully malicious ones). Do you agree? What's the current state of dynamic formats with respect to bad password files? Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.