Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <00be01d57557$3492d420$9db87c60$@dexlab.nl>
Date: Fri, 27 Sep 2019 19:15:38 +0200
From: "Vincent" <spam@...lab.nl>
To: <john-users@...ts.openwall.com>
Subject: Re: Buffer overflow in dynamic using very long salts

Related? Issue with long CONST below. Perhaps if CONST|SALT > MaxInputLen?

bofh@dev:/opt/JohnTheRipper/run$ more dynamic.conf
[List.Generic:dynamic_4001]
Expression=sha1(CONST1 short) (test)
Flag=MGF_INPUT_20_BYTE
Flag=MGF_FLAT_BUFFERS
Flag=MGF_SALTED
SaltLen=5
MaxInputLen=110
MaxInputLenX86=110
CONST1=abcdefghijklmnopqrstuvwxyz
Func=DynamicFunc__clean_input_full
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
Test=$dynamic_4001$32d10c7b8cf96570ca04ce37f2a19d84240d3a89$bogus:bogus

[List.Generic:dynamic_4002]
Expression=sha1(CONST1 long) (test)
Flag=MGF_INPUT_20_BYTE
Flag=MGF_FLAT_BUFFERS
Flag=MGF_SALTED
SaltLen=5
MaxInputLen=110
MaxInputLenX86=110
CONST1=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopq
rstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmno
pqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklm
nopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
Func=DynamicFunc__clean_input_full
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
Test=$dynamic_4002$f9d5b271f9126e9051394cffaff0ae3250fd6087$bogus:bogus
--More--

bofh@dev:/opt/JohnTheRipper/run$ ./john --test --format=dynamic_4001
Benchmarking: dynamic_4001 [sha1(CONST1 short) (test) 256/256 AVX2 8x1]...
DONE
Many salts:     15153K c/s real, 15153K c/s virtual
Only one salt:  14152K c/s real, 14152K c/s virtual

bofh@dev:/opt/JohnTheRipper/run$ ./john --test --format=dynamic_4002
Benchmarking: dynamic_4002 [sha1(CONST1 long) (test) 256/256 AVX2 8x1]...
FAILED (cmp_all(1))

bofh@dev:/opt/JohnTheRipper/run$

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.