#20 ccguess crashes when trying long passwords

v1.0_(example)
wont-fix
nobody
None
3
2014-04-09
2014-04-09
Kob
No

Using a long password with ccguess crashes the program:

  1. Prepare a test file (test2.txt) containing one word.
  2. Use ccrypt to encrypt the test file with a 19 char PW.
  3. From the WIN command shell:
    <path to prog>ccguess -K "1234567891234567890" ./test/test2.txt.cpt

Shell Response:
Generating patterns...1..2..3..4..5..ccguess: Cannot allocate memory
0 [main] ccguess 3796 exception::handle: Exception: STATUS_ACCESS_VIOLATION
1180 [main] ccguess 3796 open_stackdumpfile: Dumping stack trace to ccguess.exe.stackdump
1105951 [main] ccguess 3796 <path to prog>\ccguess.exe: *** fatal error - cmalloc would have returned NULL

P.S. using only 15 or 16 char PW in ccguess e.g. -K "123456789123456" on the same test file results only in the following 1-line response:
Generating patterns...1..2..3..4..5..ccguess: Cannot allocate memory

Using V.1.10 under Win7 32 bit

Discussion

  • Kob

    Kob - 2014-04-09

    Come to think of this a bit more, maybe the original intent of the author was only to guess out short PW in order to have a reasonable chance of success. In that case, just a response of "program can try to guess only X char PW" would suffice.
    A feature request then would be to allow to specify the section of the PW where the user suspects an issue, or just try case substitution, but this is outside the scope of this bug report.

     
  • Peter Selinger

    Peter Selinger - 2014-04-09
    • status: open --> wont-fix
     
  • Peter Selinger

    Peter Selinger - 2014-04-09

    Hi Kob,

    this is not really a bug. The response "Cannot allocate memory" means that your computer doesn't have enough memory to run this program with these inputs. That is not a programming error, but a questions of how much memory your computer has. There is no fixed limit on the length of passwords - it just depends on your amount of RAM.

    An easy solution is to limit the depth, i.e., use -d 2 or -d 3 instead of the default 5. This means that we only look for passwords that differ from the given one by 2 or 3 changes, instead of 5. It's probably sufficient for most purposes.

    Of course the program could be written differently. Alas, it is what it is! If there's a need for a custom password guessing scheme, I guess someone could always modify it.

    I'm not sure about the STATUS_ACCESS_VIOLATION stuff that Windows is complaining about. It seems to be a windows-ary thing. The main function of the ccguess program contains these lines:

    fprintf(stderr, ""NAME": %s\n", strerror(errno));
    return 2;

    which means that after printing the error message "ccguess: Cannot allocate memory", the program immediately quits. I have no idea why Windows is trying to generate a stack dump or whatever after that, but I don't think it's ccguess's fault.

     
  • Kob

    Kob - 2014-04-09

    I have 4GB memory on that 32bit machine, and if and when I stress out the memory with some heavy duty programs I get an OS message "you are running low on memory". Also, I re-ran the test with little OS loading, and from the base 30% mem utilization the system reached to 55% when ccguess was running - and then the crash. With all other WIN32 programs, I can reach to 78+% mem loading before OS warnings. Maybe that the services offered by CYGWIN are a bit more crude than what's available to native WIN32 apps.

    Anyway, I totally understand your point - especially considering that ccguess is a secondary utility to the main application.

    Thank you again for the speed of response and the details provided.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks