Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 2 Jul 2012 23:28:33 +0200
From: Frank Dittrich <>
Subject: Implementing password length for configurable dynamic formats (was:
 I think I got it)

On 07/02/2012 11:02 PM, jfoug wrote:
>> From: Frank Dittrich []
>> So, it could compare the value specified in the format definition,
>> compare it with the value that can be supported, fprintf(stderr,
>> "Warning: max. password length reduced from %d to %d\n", ...); and
>> reduce the max. password length as if
>> --length=N                force a lower max. length
>> had been used on the command line.
> When I get builds done, and run through the TS, I will release.  It added 2 new items to the john.conf. 
> There was SaltLen=#  and MaxLength=#  I have added SaltLenX86=#  and MaxLengthX86=# also.
> Now, MaxLength is defined like this (in the .conf file, and from the preloads)
> If (!MaxLength)  MaxLength = 55 - abs(SaltLen)  (or 80-abs(SaltLen) for non mmx).
> if (!MaxLengthX86) {
>   if (SaltLenX86)
>     MaxLengthX86 =  80-abs(SaltLenX86);
>   else
>     MaxLengthX86 =  80-abs(SaltLen);
> }
> This is now setup in both the preloads, AND in the .conf files.

Frankly, I don't like this approach.
Why should a user defining a new configurable dynamic format have to
care about specific architectures like x86?

Otherwise, you'll at some point need to define MaxLengthARM, ...

IMO, the user should just express his desired max. password length, and
if an architecture specific implementation needs to reduce that size, a
warning written to stderr and into the log file should be enough.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.