TS errors for ./jtrts.pl -internal

[frank-dittrich]

I guess this must have worked in the past, so I doubt this is a .jtrts.pl error, even if I don't quite understand the form=cryp and .pot CHK:cryp lines.

$ ./jtrts.pl -internal -q
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.13, Dec 21, 2014.  By, Jim Fougeron & others
- Testing:  John the Ripper 1.8.0.6-jumbo-1-1667-g2d353ed [linux-gnu 64-bit AVX-ac]
--------------------------------------------------------------------------------
form=bcrypt                       guesses:   13 -show=  13 0:00:00:00 DONE : Expected count(s) (14)(-show14)  [!!!FAILED1!!!]
.pot CHK:bcrypt                   guesses:   12 -show=  13 0:00:00:00 DONE : Expected count(s) (14)  [!!!FAILED4!!!]  (12 val-pwd  0 inval-pwd)
form=scrypt                       guesses:   10 -show=   9 0:00:00:01 DONE : Expected count(s) (10)(-show10)  [!!!FAILED3!!!]
.pot CHK:scrypt                   guesses:    9 -show=   9 0:00:00:00 DONE : Expected count(s) (10)  [!!!FAILED4!!!]  (9 val-pwd  0 inval-pwd)
form=formspring                   guesses:    1 -show=   2 0:00:00:00 DONE : Expected count(s) (4)(-show4)  [!!!FAILED1!!!]
form=hmac-sha256                  guesses:    1 -show=   1 0:00:00:00 DONE : Expected count(s) (4)(-show4)  [!!!FAILED1!!!]
.pot CHK:netntlm-naive            guesses:    6 -show=  11 0:00:00:00 DONE : Expected count(s) (13)  [!!!FAILED4!!!]  (6 val-pwd  0 inval-pwd)
form=pbkdf2-hmac-md4              guesses:    5 -show=   4 0:00:00:00 DONE : Expected count(s) (5)(-show5)  [!!!FAILED3!!!]
.pot CHK:pbkdf2-hmac-md4          guesses:    4 -show=   4 0:00:00:00 DONE : Expected count(s) (5)  [!!!FAILED4!!!]  (4 val-pwd  0 inval-pwd)
form=pbkdf2-hmac-md5              guesses:    5 -show=   4 0:00:00:00 DONE : Expected count(s) (5)(-show5)  [!!!FAILED3!!!]
.pot CHK:pbkdf2-hmac-md5          guesses:    4 -show=   4 0:00:00:00 DONE : Expected count(s) (5)  [!!!FAILED4!!!]  (4 val-pwd  0 inval-pwd)

form=cryp                         guesses:    0 N/A N/A  [pass, but exited, return code 1]
.pot CHK:cryp                     guesses:    0 N/A N/A  [pass, but exited, return code 1]
Some tests had Errors. Performed 641 tests.  6 errors  5 errors reprocessing the .POT files  2 runs had non-clean exit
Time used was 196 seconds

$ ../run/john --list=build-info 
Version: 1.8.0.6-jumbo-1-1670-g9a93a71+
Build: linux-gnu 64-bit AVX-ac
SIMD: AVX, interleaving: MD4:3 MD5:3 SHA1:1 SHA256:1 SHA512:1
$JOHN is ../run/
Format interface version: 13
Max. number of reported tunable costs: 3
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
SALT_HASH_SIZE: 1048576
Max. Markov mode level: 400
Max. Markov mode password length: 30
gcc version: 5.1.1
GNU libc version: 2.21 (loaded: 2.21)
Crypto library: OpenSSL
OpenSSL library version: 0100010bf
OpenSSL 1.0.1k-fips 8 Jan 2015
GMP library version: 6.0.0
File locking: fcntl()
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's

[magnumripper]

I believe many of these may simply be caused by the TS not handling the case where test vectors are re-used (eg. same test vector used twice but with different input syntax). That make eg. 13 hashes load and/or crack as 12.

Perhaps TS should include the X and Y from "Loaded X hashes with Y different salts" in the output somehow. At least it should look at those figures and try to make some conclusion (maybe it already does).

[magnumripper]

netntlm-naive has an actual problem. Opening a separate issue #1923 for it.

[magnumripper]

I don't quite understand the form=cryp and .pot CHK:cryp lines

Me neither. Where the heck do they come from?!

[jfoug]

descrypt, bsdicrypt, md5crypt, bcrypt, scrypt, LM, AFS, tripcode, dynamic_n,
agilekeychain, aix-ssha1, aix-ssha256, aix-ssha512, asa-md5, AzureAD, bfegg,
Bitcoin, Blackberry-ES10, WoWSRP, Blockchain, chap, Clipperz, cloudkeychain,
cq, CRC32, sha1crypt, sha256crypt, sha512crypt, Citrix_NS10, dahua, Django,
django-scrypt, dmd5, dmg, dominosec, dominosec8, dragonfly3-32,
dragonfly3-64, dragonfly4-32, dragonfly4-64, Drupal7, eCryptfs, EFS, eigrp,
EncFS, EPI, EPiServer, fde, Fortigate, FormSpring, gost, gpg, HAVAL-128-4,
HAVAL-256-3, hdaa, HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
HMAC-SHA384, HMAC-SHA512, hMailServer, hsrp, IKE, ipb2, iwork, KeePass,
keychain, keyring, keystore, known_hosts, krb4, krb5, krb5pa-sha1, krb5tgs,
krb5-18, kwallet, lp, lotus5, lotus85, LUKS, MD2, mdc2, MediaWiki, MongoDB,
Mozilla, mscash, mscash2, MSCHAPv2, mschapv2-naive, krb5pa-md5, mssql,
mssql05, mssql12, mysqlna, mysql-sha1, mysql, nethalflm, netlm, netlmv2,
net-md5, netntlmv2, netntlm, netntlm-naive, net-sha1, nk, md5ns, NT, o5logon,
ODF, Office, oldoffice, OpenBSD-SoftRAID, openssl-enc, oracle, oracle11,
Oracle12C, osc, Panama, PBKDF2-HMAC-MD4, PBKDF2-HMAC-MD5, PBKDF2-HMAC-SHA1,
PBKDF2-HMAC-SHA256, PBKDF2-HMAC-SHA512, PDF, PEM, PFX, phpass, PHPS, PHPS2,
pix-md5, PKZIP, po, pomelo, postgres, PST, PuTTY, pwsafe, RACF, RAdmin, RAKP,
rar, RAR5, Raw-SHA512, Raw-Blake2, Raw-Keccak, Raw-Keccak-256, Raw-MD4,
Raw-MD5, Raw-MD5u, Raw-SHA1, Raw-SHA1-Linkedin, Raw-SHA224, Raw-SHA256,
Raw-SHA256-ng, Raw-SHA3, Raw-SHA384, Raw-SHA512-ng, Raw-SHA, ripemd-128,
ripemd-160, rsvp, Siemens-S7, Salted-SHA1, SSHA512, sapb, sapg, saph, 7z,
Raw-SHA1-ng, SIP, skein-256, skein-512, skey, aix-smd5, Snefru-128,
Snefru-256, LastPass, SSH, SSH-ng, Stribog-256, Stribog-512, STRIP, SunMD5,
sxc, SybaseASE, Sybase-PROP, tcp-md5, Tiger, tc_aes_xts, tc_ripemd160,
tc_sha512, tc_whirlpool, OpenVMS, VNC, vtp, wbb3, whirlpool, whirlpool0,
whirlpool1, wpapsk, xsha, xsha512, ZIP, plaintext, has-160, NT-old, dummy,
crypt

crypt with no comma. I am pretty sure I can fix that easily.

[jfoug]

https://github.com/magnumripper/jtrTestSuite/commit/fd83824eb48eab0575a6504626d734ed71d54c3a

[magnumripper]

Wow, that was unfortunate code :wink:

[magnumripper]

The bcrypt case is a false positive by TS. It's caused by two test vectors with the exact same data except one has it as $2a$ and the other as $2b$.

I'm usually against hard-coded white-lists but in this case I guess it's a viable alternative.