john-dev - Re: auditing our use of FMT

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <CABtNtWHFTKqmz8c72OA-qDz05KGWaCwVw3zTVziV=75nFyrk4g@mail.gmail.com>
Date: Thu, 27 Aug 2015 10:40:12 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

On Tue, Jul 28, 2015 at 10:03 AM, Kai Zhao <loverszhao@...il.com> wrote:
>
> Finally, there are no formats have obvious problems with
> FMT_SPLIT_UNIFIES_CASE flag. But there are 3 formats: MediaWiki,
> PHPS, PHPS2 which do not contain the flag and their split do not change
> case. But the 3 formats finally has the flag: FMT_SPLIT_UNIFIES_CASE.
>

I created a patch to detect FMT_SPLIT_UNIFIES_CASE error:

https://github.com/loverszhaokai/JohnTheRipper/commit/0148c3ddbce427f6c484e696021738180e2c14f7

The result is almost the same as the previous test. There are 4 formats:
dynamic=md5($p), MediaWiki, PHPS and PHPS2 which do not contain
the flag and their split do not change case. But the 4 formats finally has
the flag FMT_SPLIT_UNIFIES_CASE set. This probably caused by the
following code:

int dynamic_SETUP(DYNAMIC_Setup *Setup, struct fmt_main *pFmt)
{
        [...]
        if ( (Setup->flags & ...)) == 0)  {
                pFmt->params.flags |= FMT_SPLIT_UNIFIES_CASE;
                [...]
        }
        [...]
}

Is this ok for the 5 formats ? Should I add these 4 formats to whitelist ?

Thanks,

Kai

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.