john-dev - Re: Min password length

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Sun, 27 Jan 2013 15:18:19 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Min password length

On 24 Jan, 2013, at 0:42 , magnum <john.magnum@...hmail.com> wrote:
> On 23 Jan, 2013, at 23:56 , magnum <john.magnum@...hmail.com> wrote:
>> On 23 Jan, 2013, at 23:44 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
>>> The other (and probably less confusing) short-term fix for unstable
>>> might be to hard code a min-length=8 in if the format is wpapsk.
>>> This min-length adjustment should be accompanied by an strerr output.
>> 
>> Yes, this is trivial. I'll try it out.
> 
> Patch committed. For a --test run, no action is taken. For a real crack, min-length is bumped and a notice is printed to stderr. This for any format that starts with "wpapsk".
> 
> Time for default wordlist + rules went from 2:05 to just 49 seconds.

I now noticed wowsrp also has a min length of 8 (according to a comment in the source). I will add a similar hack for it.

BTW this format also should not have FMT_CASE and it should use enc_strupper() in set_key in order to correctly uppercase non-ascii. I just fixed that.

magnum

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.