Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <c79aeb5ae57f09ac79a02c6bd61d5136@smtp.hushmail.com>
Date: Thu, 01 May 2014 02:11:33 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: [Suspected Junk Mail] hmacSHA256_fmt.c in john-1.7.9-jumbo-7
 - allow long salts

On 2014-04-30 11:08, Colm O'Flaherty wrote:
> Hi.
>
> This is my first post.
>
> I'm attaching a patch to allow longer salt values in hmacSHA256_fmt.c,
> since the current Jumbo implementation does not allow most JWT tokens to be
> cracked, due to length constraints.

Welcome! Your patch had numerous little problems but JimF made similar 
changes to the bleeding-jumbo tree so the functionality is committed now.

Next time, please delete any irrelevant stuff so it doesn't get included 
in the patch. Do a "make clean" for a starter. And please review your 
patch before submitting it. Did you want us to add an "arch.h" and other 
stuff to the tree? Of course not.

Also, please submit patches against current development tree (and most 
preferably in the form of pull requests on GitHub). 1.7.9-jumbo-7 is 
ancient - literally hundreds of thousands of source lines has been added 
or changed since. A patch against that will often not apply to the 
current trees without manual resolving. But yes, 1.7.9-jumbo-7 *is* the 
latest released tree so maybe you just followed some old recommendation.

A question specific for your patch: You decreased max. password length 
from 125 (the global max.) to 110. Why? Such lengths are pretty academic 
but even so, I despise limits unless there are significant perfomance 
benefits. Maybe there was?

Thanks,
magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.