Message-ID: <CABtNtWGC6DSOxmJg2BQLmS38w0+S8P0Mqvri0oQ5BYL83Y9FQQ@mail.gmail.com>
Date: Tue, 28 Jul 2015 10:03:38 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags
Hi Frank,

On Tue, Jul 28, 2015 at 5:52 AM, Frank Dittrich <frank.dittrich@...lbox.org> wrote:
>
> On 07/27/2015 04:01 AM, Kai Zhao wrote:
> > I have written a script to check, and change john source code to check
> > FMT_SPLIT_UNIFIES_CASE. They are described at:
> >
> > http://www.openwall.com/lists/john-dev/2015/07/21/6
> >
> > I thought there were some problems but they were not.
>
> I don't know whether you considered this, but a format which sets
> FMT_SPLIT_UNIFIES_CASE may decide to convert everything into lower case,
> and another format may decide to convert everything into upper case.
> Both are fine.

Most formats which set FMT_SPLIT_UNIFIES_CASE may decide to
convert part into lower case or upper case.

For example: WoWSRP

$WoWSRP$6d00cd214c8473c7f4e9dc77ae8fc6b3944298c48c7454e6bb8296952dcfe78d$73616c74*solar

After split():

$WoWSRP$6D00CD214C8473C7F4E9DC77AE8FC6B3944298C48C7454E6BB8296952DCFE78D$73616C74*solar

It converts the middle part to upper case.

> So I would use input with mixed upper and lower case letters, and then
> see whether the format converts into lower or upper or leaves the input
> unchanged (not considering formats where split produces more than one
> hash for a single input (like LM format)).
>
Yes. Your method is all right. But I think we can do it in
format.c::fmt_self_test_body():

1. Change the ciphertext to upper case
2. If split() returns lower case
       If FMT_SPLIT_UNIFIES_CASE is set
           return OK;
       else
           return ERROR;
3. Change the ciphertext to lower case
4. If split() returns upper case
       If FMT_SPLIT_UNIFIES_CASE is set
           return OK;
       else
           return ERROR;

Finally, there are no formats that have obvious problems with the
FMT_SPLIT_UNIFIES_CASE flag. But there are 3 formats: MediaWiki,
PHPS, PHPS2 which do not contain the flag and whose split() does not change
case. But the 3 formats finally have the flag: FMT_SPLIT_UNIFIES_CASE.

Thanks,
Kai
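
The four-step check from the message above, as an added example that is not part of the original message and is not John the Ripper's code. The toy "$toy$" format, the split functions, the flag value and the sample hash are all constructed for illustration. It goes one step beyond the message by also reporting a format that sets the flag while its split() never changes case.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define TOY_SPLIT_UNIFIES_CASE 0x1u /* stand-in for FMT_SPLIT_UNIFIES_CASE; value is made up */
#define TAG_LEN 5                   /* strlen("$toy$"); the tag itself is never recased */

typedef void (*split_fn)(const char *in, char *out, size_t outsz);

/* Copy in to out, forcing everything after the tag to upper (up != 0) or lower case. */
static void recase(const char *in, char *out, size_t outsz, int up)
{
    snprintf(out, outsz, "%s", in);
    for (size_t i = TAG_LEN; i < strlen(out); i++)
        out[i] = (char)(up ? toupper((unsigned char)out[i])
                           : tolower((unsigned char)out[i]));
}

/* Two hypothetical split() behaviours: one unifies to upper case, one copies verbatim. */
static void split_upper(const char *in, char *out, size_t n) { recase(in, out, n, 1); }
static void split_keep(const char *in, char *out, size_t n) { snprintf(out, n, "%s", in); }

/* 0: flag matches behaviour; 1: split() recases but flag is unset (the ERROR case
 * in the message); 2: flag is set but split() never recases (added check). */
static int check_unifies_case(split_fn split, unsigned flags, const char *ct)
{
    char probe[128], got[128];
    int changed = 0;

    for (int up = 1; up >= 0; up--) { /* steps 1-2: upper probe; steps 3-4: lower probe */
        recase(ct, probe, sizeof probe, up);
        split(probe, got, sizeof got);
        /* "changed" means the output differs from the probe in letter case only */
        if (strcmp(probe, got) != 0 && strcasecmp(probe, got) == 0)
            changed = 1;
    }
    if (changed && !(flags & TOY_SPLIT_UNIFIES_CASE)) return 1;
    if (!changed && (flags & TOY_SPLIT_UNIFIES_CASE)) return 2;
    return 0;
}

int main(void)
{
    const char *ct = "$toy$6d00CD21"; /* constructed sample, mixed case on purpose */
    printf("upper split, flag set:   %d\n", check_unifies_case(split_upper, TOY_SPLIT_UNIFIES_CASE, ct));
    printf("upper split, flag unset: %d\n", check_unifies_case(split_upper, 0, ct));
    printf("verbatim split, flag set: %d\n", check_unifies_case(split_keep, TOY_SPLIT_UNIFIES_CASE, ct));
    return 0;
}
```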