Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 8 Jun 2013 6:58:18 -0400
From:  <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: limits within mscash2

The CPU format now handles user names up to 128 Unicode characters, and passwords up to 125 Unicode characters (note, the pw will be 125 ASCII characters, and then converted.  This may be much less than 125 Unicode characters, for some utf8 strings).

I have also changed the opencl mscash2 to handle passwords up to 125 bytes.  I have not yet made changes to opencl to also address longer user names (but we should).  NOTE, the password handling in the openCL format was broken prior to this change.  It claimed to be able to handle 31 byte passwords, but any passwords over 27 bytes would have been corrupted, possibly corrupting more hashes than just the hash for the overlong password.  The new changes dropped the inline md4 function, and simply uses oSSL's CTX interface, which can properly handle data past 1 buffer (1 buffer maxes out at 55 bytes of data).  The speed was at least as good, and it may have even gone up 600/s or so (tested on bull)

Already in one of our contests, there were user names longer than JtR can handle, so the very limited arbitrary shortcomings of this format should be dumped ASAP.

---- jfoug@....net wrote: 
> I am not sure why we have user name length and password length limits within the mscash2 format?  I plan to remove them, but at first, only on the CPU format.  

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ