Date: Wed, 23 Jan 2013 23:56:16 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Min password length

On 23 Jan, 2013, at 23:44 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
> On 01/23/2013 04:26 PM, jfoug@....net wrote:
>> ---- Frank Dittrich <frank_dittrich@...mail.com> wrote: 
>>> On 01/23/2013 02:45 PM, jfoug@....net wrote:
>>>> What about formats which have a min password length?  Do we have a mechanism to tell JtR to not try any words that are shorter than X bytes long?  I know we have external filters to force this, but that is not the question.  Do we have a way to automatically do this?
>>>> 
>>>> There are algorithms that specify minimal, so trying words less than the min length is a total waste of resources.
>>> 
>>> What formats are affected?
>> 
> >> WPAPSK for sure.  In its specification, it lists 8 character PW min.
> 
> What about changing BENCHMARK_COMMENT in src/wpapsk to
> " (should be used with --min-length=8)" or something similar as a
> workaround in unstable, think about a real fix for bleeding, and add a
> mapping rule to run/benchmark-unify which removes this comment (so that
> it matches the output of older versions and (hopefully) of future versions)?

I think the core hack I suggested is preferable, even for Jumbo-8.

> But users might still be confused because that "message" doesn't
> disappear even if you use --min-length=8.

The format can change that message in init() though. ntlmv2-opencl currently does (reflecting that it optimizes kernel and buffers for shorter length).

> (TODO: I need to check if some jumbo-7 format names need to be mapped to
> the names used in the next jumbo. How much time do I have?)

Several weeks, I suppose.

> The other (and probably less confusing) short-term fix for unstable
> might be to hard code a min-length=8 in if the format is wpapsk.
> This min-length adjustment should be accompanied by a stderr output.

Yes, this is trivial. I'll try it out.

magnum
