Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 Jan 2013 18:25:06 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Min password length

On 23 Jan, 2013, at 16:26 , jfoug@....net wrote:
> ---- Frank Dittrich <frank_dittrich@...mail.com> wrote: 
>> On 01/23/2013 02:45 PM, jfoug@....net wrote:
>>> What about formats which have a min password length?  Do we have a mechanism to tell JtR to not try any words that are shorter than X bytes long?  I know we have external filters to force this, but that is not the question.  Do we have a way to automatically do this?
>>> 
>>> There are algorithms that specify minimal, so trying words less than the min length is a total waste of resources.
>> 
>> What formats are affected?
> 
> WPAPSK or sure.  In it's specification, it lists 8 character PW min.
> 
>> Do you know for sure that older versions of the OS or application didn't
>> allow shorter passwords?
> 
> Yes, it is spec'd to this.  I do not believe any router or other AP will allow a pass to be set < 8 chars.

The git versions of Jumbo has a --min-length=N option that does what you want - except that formats should also be able to default to > 0 on their own.

The --min-length=N option will affect modes that already had such notion (ie. Incremental and Markov) and it will also affect Single and Wordlist modes in that they will drop words shorter than N (after applying rules, if applicable).

So the only thing "missing" is that we might want to add a min-length parameter to the format struct (and perhaps rename the existing one). Maybe Solar agrees to include this with all the other struct changes.

BTW the --max-length=N option also affects Markov's and Incremental's existing notions, and it makes Single/Wordlist *drop* candidates longer than N (after applying any rules) as opposed to truncating them, which happens if you hit the format's limit.

I am not aware of any current formats other than wpapsk that really needs a set minimum length. Until the format struct supports it, we could add a hack somewhere in the main code, for automatically forcing --min-length=8 for that format.

BTW we need some systematic testing of these new options.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ