Date: Wed, 23 Jan 2013 18:25:06 +0100 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: Min password length On 23 Jan, 2013, at 16:26 , jfoug@....net wrote: > ---- Frank Dittrich <frank_dittrich@...mail.com> wrote: >> On 01/23/2013 02:45 PM, jfoug@....net wrote: >>> What about formats which have a min password length? Do we have a mechanism to tell JtR to not try any words that are shorter than X bytes long? I know we have external filters to force this, but that is not the question. Do we have a way to automatically do this? >>> >>> There are algorithms that specify minimal, so trying words less than the min length is a total waste of resources. >> >> What formats are affected? > > WPAPSK or sure. In it's specification, it lists 8 character PW min. > >> Do you know for sure that older versions of the OS or application didn't >> allow shorter passwords? > > Yes, it is spec'd to this. I do not believe any router or other AP will allow a pass to be set < 8 chars. The git versions of Jumbo has a --min-length=N option that does what you want - except that formats should also be able to default to > 0 on their own. The --min-length=N option will affect modes that already had such notion (ie. Incremental and Markov) and it will also affect Single and Wordlist modes in that they will drop words shorter than N (after applying rules, if applicable). So the only thing "missing" is that we might want to add a min-length parameter to the format struct (and perhaps rename the existing one). Maybe Solar agrees to include this with all the other struct changes. BTW the --max-length=N option also affects Markov's and Incremental's existing notions, and it makes Single/Wordlist *drop* candidates longer than N (after applying any rules) as opposed to truncating them, which happens if you hit the format's limit. I am not aware of any current formats other than wpapsk that really needs a set minimum length. Until the format struct supports it, we could add a hack somewhere in the main code, for automatically forcing --min-length=8 for that format. BTW we need some systematic testing of these new options. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.