Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <55F1EF53.70307@cox.net>
Date: Thu, 10 Sep 2015 16:00:03 -0500
From: JimF <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

On 9/10/2015 3:47 PM, Solar Designer wrote:
> On Thu, Sep 10, 2015 at 01:18:50PM -0500, JimF wrote:
>> I have created a new method of test, within format, and many hashes are
>> now showing this bug.  I have just
>> tested with one of them and it absolutely is buggy, so I be the rest are
>> also.
> [...]
>> Here is the list. I was quite surprised it was this large.
> Now this matches my expectations. ;-)
>
> Why isn't AFS on the list, though?  Is it because I've just patched it?
> Or is it because your test failed to detect it as buggy?  (Kai's did.)
>
>
My test did not catch it, because my test does not give a crap about the 
flag.  Everything in taht format 'was' correct, except the flag was 
missing.  My method actually 'tests' the bug.

What I do is do proper prepare() valid() split().  Then I get results of 
binary().  I convert those to hex. I then SEARCH for this hex string 
within the working hash (the return from split). I check both lower and 
upper hex. If and ONLY if I find it, I smash the case of JUST that part 
of the hash.  I then call split.  If split 'fixes' the hash back, I call 
it 'good'.  But if hash does not fix it, BUT valid returns false, then I 
also say things are working.  If both of those checks fail, then I fail 
the entire format with a message about needing either a casing split() 
or a failure from valid().

I have added the same logic for the return of salt().  This is done only 
after binary (so all of the formats flushed out by binary are not being 
double checked, there is no need).  The only new hash was a net-ntlm  
and it has been added to the issue list.

So for AFS, my code was happy.  But my code is not the only code The 
code checking that if caseing is happening, that the bit is set or if 
the bit is set that casing must be happening, must also be run.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.