Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150822014542.GA8381@openwall.com>
Date: Sat, 22 Aug 2015 04:45:42 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing every index (Re: more robustness)

Kai,

On Sat, Aug 22, 2015 at 12:37:49AM +0800, Kai Zhao wrote:
> Here is a new patch which supports: all correct, all incorrect, even index
> correct, odd index correct, even hash(i) correct, and odd hash(i) correct.
> 
> https://github.com/loverszhaokai/JohnTheRipper/commit/fb4661e51779c28bb8e2d1a87283a92e172f8025
> 
> Is there any problems ???

In addition to the questions/issues I posted separately:

You don't appear to fully test the incorrect password indices.  You only
check cmp_all() for those.  You should be checking cmp_one() and
cmp_exact() as well, just like you do for the correct password indices,
but expecting the opposite result.  You may also check the largest
get_hash().  (False positives are too likely for smaller sizes, but
27-bit should be good enough.)

Why do you exclude the VNC format from the cmp_one() test?  This looks
wrong to me.  I mean this:

if (format->methods.cmp_one(binary, i) && strcmp(format->params.label, "VNC"))

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.