Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150806182038.GA22828@openwall.com>
Date: Thu, 6 Aug 2015 21:20:38 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags (was: more robustness)

Kai,

On Thu, Aug 06, 2015 at 09:09:15PM +0300, Solar Designer wrote:
> Testing: skein-512, Skein 512 [Skein 32/64]... (32xOMP) FAILED (format:skein-512 have set FMT_8_BIT but all passwords ignore the 8th bit)
> 
> This is weird.  I think it's a bug in the code, to be found and fixed.
> Kai, please try to find the bug.

I took a look.  No, it's a bug in lacking proper test vectors, and
another in your extended test not handling this situation well.  Please
fix both of these.  That is, please add more test vectors to
skein_256_tests[] and skein_512_tests[], and please enhance your tests
to handle this situation reasonably.  Just why is it that when there's
only one non-empty test vector, which is the string "\xff", your test
thinks that "all passwords ignore the 8th bit"?  A quick test with
--stdin shows that the skein-512 format only cracks that hash when I
feed it "\xff" as input, and does not when I feed it "\x7f".  Perhaps
your test is buggy in that it doesn't correctly handle test vectors that
already have 8-bit characters in them?

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.