Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 11 Jan 2016 16:34:13 +0100
From: patpro@...pro.net
To: john-users@...ts.openwall.com
Subject: Re: format-all-details -> Max. password length in bytes

On 11 janv. 2016, at 15:52, Frank Dittrich <frank.dittrich@...lbox.org> wrote:

> For some formats, a developer could look into the problem and see what performance impact increasing the max. password length would have.
> 
> Salted SHA1 currently supports a max. salt size of 16 bytes:
> salted_sha1_common.h:13:#define MAX_SALT_LEN         16
> 
> The max. password length is defined so that just a single SHA1 block needs to be computed per candidate:
> salted_sha1_fmt_plug.c:58:#define PLAINTEXT_LENGTH     (55-MAX_SALT_LEN)
> 
> So, if all your hashes do have a salt length < 16 bytes, you could use a larger max.password length for salted-sha1 and salted-sha1-opencl by decreasing MAX_SALT_LEN.


It makes perfect sense, a single byte over 55-MAX_SALT_LEN would then require a second SHA1 block computing, doubling (?) the time needed for each test. That's a good reason to stop at 55-MAX_SALT_LEN.

And I'm quite happy that my own passwd in the dump is way longer than 55-MAX_SALT_LEN ;)


> OTOH, dynamic_24 and dynamic_25 are quite similar to salted-sha1.
> One of these dynamic formats computes SHA1($p.$s), the other SHA1($s.$p).
> Both of them do have max. password length of 110 and a salt size of 64, but you can see that the speed of these formats is considerably slower.


it's slow enough with regular Salted SHA1, and I can't do GPU to gain horse power. Moving to something slower with a larger haystack does not sound so appealing.


Thanks a lot Frank and Rich for your answers. It helps me a lot understanding the way JtR works.

regards,
pat

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.