openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/

gpg2john: salt may be printed twice #440

Closed magnumripper closed 10 years ago

magnumripper commented 10 years ago

    switch(s2k.m_spec) {
        case SPEC_SIMPLE:
            break;
        case SPEC_SALTED:
            printf("*0*");
            print_hex((unsigned char*)s2k.m_salt, 8);

        case SPEC_ITERATED_SALTED:
            printf("*%d*", s2k.m_count);
            print_hex((unsigned char*)s2k.m_salt, 8);
            break;
    }

Either a break is missing after SPEC_SALTED - or the print_hex in SPEC_ITERATED_SALTED should be removed. I wasn't sure which so I do nothing. To me it seems the format always wants to read an iterations count so maybe it too needs fixes?
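The fall-through reported in this comment, reproduced as an added example; it is not gpg2john's code and not the fix from the commits mentioned in this thread. The `s2k` struct, `put_hex`, `emit_s2k`, `render`, the sample salt and the count are constructed, the specifier ids are assumed to follow RFC 4880, and the corrected path takes the first option named above (a `break` after `SPEC_SALTED`).

```c
#include <stdio.h>
#include <string.h>

/* S2K specifier ids as in RFC 4880 (assumed); the struct is a constructed stand-in. */
enum { SPEC_SIMPLE = 0, SPEC_SALTED = 1, SPEC_ITERATED_SALTED = 3 };
struct s2k { int m_spec; int m_count; unsigned char m_salt[8]; };

/* Append the 8-byte salt as hex at offset off; returns the new offset. */
static size_t put_hex(char *out, size_t cap, size_t off, const unsigned char *p)
{
    for (int i = 0; i < 8 && off + 3 <= cap; i++)
        off += (size_t)snprintf(out + off, cap - off, "%02x", p[i]);
    return off;
}

/* fixed == 0 keeps the switch as reported; fixed != 0 adds the missing break. */
static size_t emit_s2k(const struct s2k *s, int fixed, char *out, size_t cap)
{
    size_t off = 0;
    out[0] = '\0';
    switch (s->m_spec) {
    case SPEC_SIMPLE:
        break;                      /* no salt, no count */
    case SPEC_SALTED:
        off += (size_t)snprintf(out, cap, "*0*");
        off = put_hex(out, cap, off, s->m_salt);
        if (fixed)
            break;
        /* fall through - the behaviour reported above */
    case SPEC_ITERATED_SALTED:
        off += (size_t)snprintf(out + off, cap - off, "*%d*", s->m_count);
        off = put_hex(out, cap, off, s->m_salt);
        break;
    }
    return off;
}

/* Render a constructed sample (salt 01..08, count 65536) for the given spec. */
static const char *render(int spec, int fixed)
{
    static char buf[128];
    struct s2k s = { spec, 65536, { 1, 2, 3, 4, 5, 6, 7, 8 } };
    emit_s2k(&s, fixed, buf, sizeof buf);
    return buf;
}

int main(void)
{
    printf("as reported: %s\n", render(SPEC_SALTED, 0));
    printf("with break:  %s\n", render(SPEC_SALTED, 1));
    return 0;
}
```

With the switch as reported, a salted record carries a second count field and a second copy of the salt, so a reader that splits on `*` sees two extra fields.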

kholia commented 10 years ago

> To me it seems the format always wants to read an iterations count so maybe it too needs fixes?

We also support "SPEC_SIMPLE" stuff, which doesn't have "iterations".

kholia commented 10 years ago

Fixed in commit 3dd0f74a830d22ef5c01364872ef9744e5d892cb. Please check!

magnumripper commented 10 years ago

Yes but get_salt() reads cs.count anyway. So if there is no count in the hash, it will read the salt into cs.count and then read null or garbage into the salt :-(

kholia commented 10 years ago

> Yes but get_salt() reads cs.count anyway. So if there is no count in the hash, it will read the salt into cs.count and then read null or garbage into the salt :-(

This should be fixed now with commit f26e26432c85f4e912a7aff18f493d7fb1b042fd. Good catch ;(