Date: Sat, 12 Aug 2017 06:26:00 -0800 From: Royce Williams <royce@...ho.org> To: john-users@...ts.openwall.com Subject: Re: practical limits on password length? Hey, Matt! On Fri, Aug 11, 2017 at 4:50 PM, Matt Weir <cweir@...edu> wrote: > That's a loaded question there ;p Indeed! :) > 1) There are hash specific character limits > > 2) There are rule limits > > 3) There are attack type (such as incremental) limits > > These three types while largely independent can combine in unexpected ways > . Most of the time for items like incremental that largely doesn't matter. > For example you aren't going to have much success brute forcing a 257 char > password. Having the different formats max lengths easily listed would be > nice though. Fair points. In this case, I'd intended to try a straight wordlist attack for my frivolous test. > Now showing my ignorance, the value in Params.h I thought also had to do > with the number of character types (aka non ASCII) for incremental mode. So > I could be way off in my response ;p You might want to use --Markov mode > instead if you are hitting the char type + length limit of Incremental. I was naively following this advice from 2007, which still looked applicable: http://www.openwall.com/lists/john-users/2007/01/28/1 ... but I read it too fast. :/ Using Patrick's (informative!) suggestion downthread, I see: Format label Raw-MD5-opencl Max. password length 18 [worst case UTF-8] to 55 [ASCII] And now that I know what it's for, increasing CHARSET_LENGTH (currently 24, used for incremental) is obviously not needed. :) So I'll just test assuming that 55 is the max for ASCII for this format. Royce > On Friday, August 11, 2017, Royce Williams <royce@...ho.org> wrote: > > > What are the practical limits on password length? Are they docuumented > > anywhere? I assume that some of them are attack- and/or format-specific? > > > > I read about changing params.h and generating a charset, so I decided to > > frivolously specify 257 chars max as a test. Jumbo john compiled OK, but > > the --make-charset has been running for an hour with no end in sight.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ