john-dev - Why would crypt_all() need/want to generate additional candidate passwords?

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <8f1a28cc-6828-9934-0370-38915e721876@mailbox.org>
Date: Tue, 14 Nov 2017 19:04:32 +0100
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-dev@...ts.openwall.com
Subject: Why would crypt_all() need/want to generate additional candidate
 passwords?

Hi,

I just read the formats.h comment for the crypt_all function:

/* Computes the ciphertexts for given salt and plaintexts.
[...]
  * The count passed to cmp_all() must be equal to crypt_all()'s return 
value.
  * If an implementation does not use the salt parameter or if salt is NULL
  * (as it may be during self-test and benchmark), the return value must 
always
  * match *count the way it is after the crypt_all() call.
  * The count is passed by reference and must be updated by crypt_all() 
if it
  * computes other than the requested count (such as if it generates 
additional
  * candidate passwords on its own).  The updated count is used for c/s rate
  * calculation.  The return value is thus in the 0 to updated *count 
range. */

Why would crypt_all() generate additional candidate passwords on its own?
Are there any sample formats which make use of this weird feature?

Frank

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.