Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 30 Jun 2012 01:31:25 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Re: Re: md5 internals question

On 2012-06-29 13:33, Tavis Ormandy wrote:
> One final question, I would need to limit input to 15 chars (or 16, but
> would require two comparisons), would this make it useless to everybody
> else? (I work in security, but I do vulnerability research, so never need to
> crack passwords. I'm primarily interested in the optimization challenge).
> What sizes are typical salts? What is the absolute minimum input size I
> would need to support to be useful outside of rawmd5?

IMHO 15-16 is right about the limit. If you make it 8, I will say it's
approaching useless. But 15/16 is fine, longer passwords could be
cracked with Simon's version and they are pretty few.

I do not really get why you need this limit though. Anything less than
55 should be the same work from then on, no?

magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.