Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABtNtWGna0iP5ipPpdZKchr4XNvbG1OCQ3+khBOn7aDgtqxWrw@mail.gmail.com>
Date: Mon, 27 Jul 2015 21:51:40 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

Hi magnum,

Thanks for your explanation.

On Mon, Jul 27, 2015 at 5:24 PM, magnum <john.magnum@...hmail.com> wrote:
>
> On 2015-07-27 09:48, Kai Zhao wrote:
>>
>> What's the meaning of FMT_CASE ?
>>
>> /* Uses case-sensitive passwords */
>> #define FMT_CASE                        0x00000001
>>
>> Does it mean that the passwords are case-sensitive if FMT_CASE is set ?
>> The passwords are case-insensitive if FMT_CASE is not set ?
>>
>> There are some formats that do not set FMT_CASE.
>>
>> LM, WoWSRP, mssql, nethalflm, netlm, oracle, sapb, saph
>>
>> I changed the case of passwords, but the self-test is failed. E.g.:
>>
>> LM_fmt.c
>>
>> static struct fmt_tests tests[] = {
>>          {"$LM$a9c604d244c4e99d", "AAAAAA"},
>>          {"$LM$cbc501a4d2227783", "AAAAAAA"},
>>          {"$LM$3466c2b0487fe39a", "CRACKPO"},
>>          {"$LM$dbc5e5cba8028091", "IMPUNIT"},
>>          {LM_EMPTY LM_EMPTY, ""},
>>          {"$LM$73cc402bd3e79175", "SCLEROS"},
>>          {"$LM$5ecd9236d21095ce", "YOKOHAM"},
>>          {"$LM$A5E6066DE61C3E35", "ZZZZZZZ"}, /* uppercase encoding */
>>          {"$LM$1FB363feB834C12D", "ZZZZZZ"}, /* mixed case encoding */
>>          {NULL}
>> };
>>
>> $ ./john --test=0 --format=LM
>> Will run 8 OpenMP threads
>> Testing: LM [DES 256/256 AVX2-16]... (8xOMP) PASS
>>
>> Change the first password: "AAAAAA" -> "AAAAAa"
>>
>> $ ./john --test=0 --format=LM
>> Will run 8 OpenMP threads
>> Testing: LM [DES 256/256 AVX2-16]... (8xOMP) FAILED (get_key(0))
>
>
> The format DOES change the case to upper but since the test vector still
> has it in lower, it fails. This is just a current technical aspect of
self-tests,
> you can ignore it.
>

Does it mean that the passwords are case-sensitive if FMT_CASE is set ?
The passwords are case-insensitive if FMT_CASE is not set ?

If LM is special, how about saph?

E.g.:

sapH_fmt_plug.c:

static struct fmt_tests tests[] = {
        {"{x-issha,
1024}hmiyJ2a/Z+HRpjQ37Osz+rYax9UxMjM0NTY3ODkwYWI=","OpenWall"},
        ...
        {NULL}
};

This format doesn't set FMT_CASE. So the password is case-insensitive.
But if I change "OpenWall" to "OpenWalL", the self-test will fail.


Thanks,

Kai

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.