Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Aug 2012 18:14:17 +0200
From: Lukas Odzioba <>
Subject: Re: How should one select PLAINTEXT_LENGTH in a format

2012/8/23 Claudio André <>:
> Hi
> How do i choose a number to use as the maximum length of a plaintext
> password. 16, 24, 32, ...?
> Do you guys have a rule? Or, at least, advices?
> Claudio
> PS: thanks Lukas

Technically it should be as big as you can make. However some formats
have specific optimizations for shorter passwords. I use something
like that (not always - mea culpa)

- If you can handle looooooooong passwords, without speed drop for
shorter ones do it
- Today we should support at least 15chars, considering last crack me
if you can contest it is good to have 20+
- On gpu's 15,31 usually works good because reads are nicely aligned
if you add one more byte to store lenght.
- It is good to have tests up to supported length.
- When you choose something it is good to make sure that your code can
really handle it - you can  try add some tests to TS.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.