Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 13 Aug 2015 20:07:03 -0500
From: "jfoug@....net" <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: episerver UTF-8

On Thu, 13 Aug 2015 19:35:57 -0500, Lei Zhang <zhanglei.april@...il.com>  
wrote:
> BTW, I think 3*PLAINTEXT_LENGTH means that we assume

Yes, this is an 'assumption'

> each UTF8 char to be no larger than 3 bytes. Is that assumption true? Or  
> 4-byte UTF8 chars are too rare to be considered?

In real world, they are somewhat rare.  But your point is valid.  There  
could certainly be a string of X 4 byte utf8 (there are even 5 byte utf8  
characters) which cause something that should handle 25 characters to not  
be able to handle a string of 25 4 (or 5) byte utf8. But we simply have  
drawn a line in the sand where reality vs theoretical limits come into  
play.

> And what does that 125 mean?

This is a 'limit' imposed by john (proper).  125 BYTES (not characters),  
is the max size of a line read from a password file.  We really should  
think long and hard about this limit, as we move to 'real' 32 bit Unicode  
support inside of the jumbo JtR

Jim.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ