[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150608153928.GA16642@openwall.com>
Date: Mon, 8 Jun 2015 18:39:28 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Fuzzing Report on hashes
On Mon, Jun 08, 2015 at 11:29:29AM -0400, jfoug@....net wrote:
>
> ---- Solar Designer <solar@...nwall.com> wrote:
> > Thanks! I see that Jim fixed the former, and declared the latter
> > invalid (sorry I didn't look into it closer). Thanks, Jim!
>
> I did not add N to the valid() within django scrypt. We might want to look at that. A hash with N > 32 (>=32?) will always fail.
With my SIMD code, yes. Anyway, N=32 corresponds to 512 GB with r=1,
and more with higher r (typical r is 8), so most systems will fail at
some lower N values as well.
> It is that way now, but I do not know if that is also the case using the other scrypt code. I did not add the valid check now, but with the change if that one line input file (with the N=41) is run, then john will appear to be doing work, BUT no passwords are ever checked. However, the format will run really fast, lol.
Yes, which is why I opted to exit on first such error in scrypt_fmt.c.
Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
