Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 Jan 2013 18:52:31 +0100
From: magnum <>
Subject: Re: Min password length

On 23 Jan, 2013, at 18:43 , Frank Dittrich <> wrote:

> On 01/23/2013 06:25 PM, magnum wrote:
>> The git versions of Jumbo has a --min-length=N option that does what you want - except that formats should also be able to default to > 0 on their own.
>> The --min-length=N option will affect modes that already had such notion (ie. Incremental and Markov) and it will also affect Single and Wordlist modes in that they will drop words shorter than N (after applying rules, if applicable).
> Both --min-length=N and --max-length=N (and their effect on different
> cracking modes (--incremental and --markov / --wordlist and --single /
> --external) need to be documented in doc/OPTIONS.


>> BTW we need some systematic testing of these new options.
> I knew how --min-length=N and --max-length=N work for --incremental and
> --markov (tested this in the past).
> After my last reply to Jim I tested it with --wordlist (with and without
> --rules), and was just thinking about how to test it for --single mode
> (since --single doesn't work well with --stdout).
> What happens (what is the expected behaviour) if --single or --wordlist
> is combined with an --external filter?

That is a jolly good question. The figures are available as new external mode variables (req_minlen and req_maxlen). But I'm afraid the rules engine (or Wordlist's dummy_rules) will drop a word even though an external mode would make it comply. We need to review this.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.