Aleksey Cherepanov

It looks like most dynamic formats can handle long strings without crash. Overflow happens in `__SSE_append_string_to_input` that is used by some formats only. I have a fix to reject overly...

It turned out that there is no way to distinguish dynamic with both `$s` and `$u` and dynamic using `$u` only. Any salt is accepted for `$u`-only formats. And it...

This one gets rejected while it should not (`"u" * 26` as username): ``` $dynamic_1506$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa$$Uuuuuuuuuuuuuuuuuuuuuuuuuuu ``` It has `SaltLen=-27`. So there should be some miscalculation of length in `valid`.

`dynamic_1551` is a problem: its max username length is 7 (55 minus 32 for `md5()` minus 16 for salt). But there is no info about it formally. But there is...

`dynamic_1551` can crash in 2 places: overflowing `$u.:mongo:$p` or `$s.$u.md5(...)`. The first case: ``` $ python -c 'print "$dynamic_1551$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa$" + "s" * 16 + "$$U" + "u" * 100' >...

I renamed the issue because all above crashes in existing formats were fixed in #5047. Remaining problems: - I would prefer to encode fields separately and check them strictly. -...

BTW in case of changing format of ciphertext and `truecrypt2john.py`, consider that it is possible to provide precomputed `kpool` instead of keyfiles in ciphertext. I cannot say that it would...

Oops, `\x01-\x21` means `x = 33`. Specified `530604000` is `255 * 255 * 255 * 32`. But john upgraded value to `x547185375`, that's `255 * 255 * 255 * 33`.

Excerpts from `clinfo`: ``` $ clinfo Platform Version OpenCL 2.1 AMD-APP (3180.7) Device Name Hawaii Device Version OpenCL 1.2 AMD-APP (3180.7) Max work item dimensions 3 Max work item sizes...

If there are incompatible changes to `hmac*` formats, please also consider changing syntax to be `$tag$digest$text` or `$tag$digest#text`. Because arbitrary text at the beginning of ciphertext is a problem: it...