SNMPv3 engineID minimum length, am I missing something?
#1
Question 
Regarding hashcat -m 25000 specifically but probably others too. So the question is about the

Code:
totoken.len_min[3] = 26

in module_25000.c (and its siblings). RFC 3411 says engineID is 5-32 bytes, so the minimum should be 10 hex chars, not 26. IPv4-based engine IDs are 9 bytes (18 hex) and MAC-based are 11 bytes (22 hex). Well both of these appear to be under the floor.

Also noticedĀ m25000.pmĀ uses

Code:
random_hex_string(26, 34)

so the test suite never generates a short enough engineID to catch it. Is this a known limitation or an actual bug? Seems like a one-line fix across the all the sibling modules. Will someone knowledgeable please come to the rescue here and tell me if I'm looking at this wrong?
Reply


Messages In This Thread
SNMPv3 engineID minimum length, am I missing something? - by c4p0ne - Yesterday, 07:45 PM