Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20070325025548.GG30430@openwall.com>
Date: Sun, 25 Mar 2007 06:55:48 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: New MSCASH patch

Alain,

On Tue, Mar 20, 2007 at 07:28:55PM +0100, Alain Espinosa wrote:
> Revision #3
> 
> -fixed same bug that NTLM patch
> -now passwords are try in blocks of lenght of 64

Great.

> -diff of src directory, same that NTLM patch

This is not great.  It means that people have to figure out and/or
remember to apply different patches in different ways.  Please generate
your next revision of the patch as follows:

TZ=UTC diff -urpN john-1.7.2.orig john-1.7.2-mscash-alainesp-4 > john-1.7.2-mscash-alainesp-4.diff

I did it similarly for john-1.7.2-ntlm-alainesp-6.1.diff.

If you prefer, you can keep the patched directory name just john-1.7.2.
What matters is that the patch may be applied with "patch -p1" while
inside the top level john-1.7.2 (or john-whateverversion) directory.

> I dont think this patch have the same problem with split because login are
> part of the hash.

Unfortunately, the patch does have this same problem because it also
uses hex-encoded hashes and will accept either case in the encoding.  As
soon as some cachedump-like tool uses another case for the encoding and
hashes dumped with different tools get loaded into JtR at once, the
problem might manifest itself.  To fix it, you need either split() and
FMT_SPLIT_UNIFIES_CASE, or you may have valid() only accept lowercase
characters in the hexadecimal part (as long as this works with all
current cachedump-like tools, which might not be the case).

Yes, I am assuming that duplicate login names are possible.  This
happens, for example, when password files from multiple systems get
loaded for cracking at once.  It is not too unlikely that passwords of
same-login users would be the same, too.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.