Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <005601cc41aa$b2634e00$1729ea00$@net>
Date: Wed, 13 Jul 2011 17:17:47 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: John 1.7.8-jumbo-2  Patch to fix multiple formats (and to add upcase/downcase unicode support).

On the wiki page, an update which goes along with the release of the 1.03
John_Test_Suite has been released.    This patch file adds supports for
‘proper’ upcasing and lowercasing of Unicode data.  Also there are many
fixes to numerous formats, to ‘fix’ the problems found using the test suite.

 

This patch is found on the John wiki, at:
http://openwall.info/wiki/john/patches

 

Here is a list of changes:

 

- Proper upper and lowercase of Unicode handled (pretty complex). Oracle and
mssql hashes would NOT work properly without this. 
- many small fixes in md5_gen, mostly to restrict sizes of passwords, and
salts. Also fixed bugs like the $ and $$ in salt bug. 
- changed the interface of the utf16toutf8 unicode.c function, to be 'thread
safe'. 
- fixed a few portability bugs (john.c and Sybase_fmt) dealing with VC
builds. 
- john.c also has to call initUnicodeCase() during startup. The upcasing can
be used, even if NOT running in -utf8 mode. 
- A new 'UnicodeData.h' file was generated. There is also a 'project' to
generate this file from the unicode.org data files 
- The upcasing in unicode.c can be used to strupr/strlwr ansi data also. It
allows changing case of Niña into NIÑA. This has not yet be placed 'into'
john, but we now can do this (extern, rules, etc). 
- mscash1 would crash for user names longer than 19 bytes. It now 'handles'
them. NOTE, it does not find hashes with user names of 20 to 22 bytes, but
this will be changed in the future. 
- the cash2 was not finding 22 byte user names (did not crash, just did not
find them) 
- Big fixes to mssql and oracle formats. Now properly works upcasing etc.
Binary data, utf8 data works. Also, properly working on Big Endian systems.
These formats are a little more difficult, since they require upcasing
Unicode data. 
- SQL05. Fixed a 'possible' memory overwrite (worst case utf8 conversion
scenario). 
- Reduced max PW len for PHPass format, to what can be handled. 
- Fixed some 'possible' buffer overflows in Raw_MD5_Unicode format. 

 

Jim.

 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.