Date: Sat, 2 Jul 2005 14:01:49 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re:  Re: understanding the encryption method

On Fri, Jul 01, 2005 at 05:23:09PM +0000, Ikari wrote:
> on systems using schemes like MD5, blowfish... password can be 
> longer and to tell john to go beyond 8 chars you'll have to modify one or 
> more sections of john.ini to set max password length not to 8 but to 
> whatever you want.

This is not quite true.  It's only "incremental" mode which is limited
to 8 characters by default, and this limitation is not just runtime --
it is compile-time and it also affects the *.chr file format.  So one
can't merely increase MaxLen beyond 8, unfortunately.

This has been discussed in greater detail before:

http://marc.theaimsgroup.com/?l=john-users&m=111611707402157
http://marc.theaimsgroup.com/?l=john-users&m=111611991308901

"Single crack", wordlist, and external modes do not have the limitation
(and there's nothing to modify to be cracking longer passwords -- it
just works).

> Anyway I don't think you'll find a password longer than 8 
> unless you know part of it...

If the password is weak, it may well be found (with a wordlist or
otherwise).

It also happens all the time with LanMan hashes due to their 7+7 split.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar
