Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150822013453.GA8279@openwall.com>
Date: Sat, 22 Aug 2015 04:34:53 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing every index (Re: more robustness)

Kai,

On Sat, Aug 22, 2015 at 12:37:49AM +0800, Kai Zhao wrote:
> Here is a new patch which supports: all correct, all incorrect, even index
> correct, odd index correct, even hash(i) correct, and odd hash(i) correct.
> 
> https://github.com/loverszhaokai/JohnTheRipper/commit/fb4661e51779c28bb8e2d1a87283a92e172f8025
> 
> Is there any problems ???

This looks much better to me.  I haven't reviewed it thoroughly (and I
don't intend to), but here are a few issues I noticed:

There's no such thing as "Current max max_keys_per_crypt".  I guess you
meant for the current version of JtR, but no, that's not how it works.
max_keys_per_crypt is adjusted dynamically by many formats' init(), and
how it's adjusted depends on things such as OpenMP thread count and
OpenCL GWS tuning.  Your current 33554432, while extremely high, might
in fact not be enough for current JtR on some hardware.

Also, you used a static array for this.  This grows the .bss
unnecessarily.  Please use dynamic memory allocation for the actual
max_keys_per_crypt instead.  If you don't want to allocate/free for each
format, you may use realloc() to a higher size whenever a next format
has a higher max_keys_per_crypt than the previously seen maximum (in the
formats tested up to that point).

For the correct password, you're still setting just one password for all
indices.  You should instead use all passwords from the test vectors,
then compare each computed hash against the one expected for the test
vector that you used for that index.

The above means that your Boolean correct_key[] is better changed to
array of pointers (pointing to the test vector hashes, or NULL if not
correct) or integers (storing test vector numbers, or e.g. -1 if not
correct).

Please make the above enhancements.

Meanwhile, have these tests uncovered any bugs?

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.