Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <836ff0c313d6968b61243cd29e4d5a36@smtp.hushmail.com>
Date: Mon, 27 Feb 2012 00:42:09 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: -ext:keyboard with 8-bit chars

On 02/26/2012 11:52 PM, Solar Designer wrote:
> On Sun, Feb 26, 2012 at 06:11:20PM +0100, magnum wrote:
>> I tried making a custom keyboard external mode for producing German
>> keyboard output in iso-8859-1. I doubled the array sizes per the comment
>> and also changed the while loop that initializes mc accordingly. At
>> first I just entered the characters as 'ß' and so on, and took care that
>> john.conf was encoded in iso-8859-1. But I got a segmentation fault when
>> running. (...)
> 
> It's neither a bug nor a known limitation - I was not aware of it

...enlightening explanation snipped here because I have no follow-up
questions - but thanks!

> (...) we may want to have it behave the way a C implementation would
> for char being unsigned (also valid) - this may be more convenient
> for us, as you have found out. To make this change, you may e.g. edit
> the two instances of "value = c_getchar(1)" to "value = (unsigned
> char)c_getchar(1)" in c_getint(). I did not test this change.

I just tested this, it works fine too.


>> Another thing, the comment "This sample can be enhanced to infer the
>> rest of the indices here". What exactly is missing, and what would it
>> change? Are we not resuming correctly with current code?
> 
> We only infer the length and id[0], but not id[1] and on (they're now
> set to 0).  This means that when we interrupt and --restore a Keyboard
> mode run, it tries some previously-tested candidate passwords for a
> second time.

I don't really get the flow, but I suppose the worst-case scenario can
be quite bad for a slow hash interrupted after a long run? If so, I
think it's worth implementing but I have no idea how to do it.

Thanks!
magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.