[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <55EF0563.2060103@cox.net>
Date: Tue, 8 Sep 2015 10:57:23 -0500
From: JimF <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags
On 9/8/2015 10:42 AM, Kai Zhao wrote:
> Since JimF has add the flag for MediaWiki, PHPS and PHPS2, I think I
> should add these formats to whitelist. Maybe also includes
> dynamic=md5($p). Should I ?
> https://github.com/magnumripper/JohnTheRipper/commit/cc5ae475bad53ca46b9c74a82848bc86c6b9c314
Is the @dynamic@ also a problem format. It should NOT be white listed.
The way that dynamic was written, ANY hash that uses hex for the hash
string will automatically get that bit set within the call to init()
The bug comes (as I have been made aware), of usage of the 'minimal'
format structure prior to the time that init() is called.
Thus, if you are seeing any dynamic hashes that trip this issue, then
they are buggy and need fixed. When you find these, please make sure to
cc me personally about the problems, thank you.
Jim.
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
