User: Password:
|
|
Subscribe / Log in / New account

Either my test script is b0rken or BF has an 8-bit bug

From:  magnum <rawsmooth-cgr7CL/LOSDk1uMJSBkQmQ-AT-public.gmane.org>
To:  john-dev-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8-AT-public.gmane.org
Subject:  Either my test script is b0rken or BF has an 8-bit bug
Date:  Mon, 20 Jun 2011 00:41:44 +0200
Message-ID:  <4DFE7B28.5010103@bredband.net>
Archive-link:  Article

Can someone having access to an OpenBSD system verify the enclosed 
Blowfish hash? Or produce a correct one: It is supposed to be a single 
pound sign in ISO-8859-1, but I can't crack it (or any other non-ascii) 
with John.

It's produced using Perl, Authen::Passphrase and I suspect the bug (or 
feature) is in that one. I read stdin as raw, which is usually what 
works best with Authen::Passphrase for non-Unicode formats and non-ascii 
plaintexts. I have also tried to read stdin with binmode set to 
iso-8859-1 and a couple other variants but nothing I've tried gets me a 
crackable hash.

I suspected Perl somehow ended up crypting the UTF-8 byte sequence for a 
pound sign, but that's not it (and I can't get it to do that on purpose 
either)

The format is supposed to handle 8-bit, right? It says so in the struct.

magnum
#!comment: Built with pass_gen.pl using RAW mode, 0 to 125 characters
u0-BF:$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq:0:0:£::

(Log in to post comments)


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds