Date: Thu, 13 Aug 2015 21:09:06 +0300 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: plaintext truncation magnum, all - I think that right now many JtR invocations are wasting lots of time testing unlikely candidate passwords because of the silent truncation to the maximum plaintext length supported by a given format, in cases where that maximum isn't the same as the target system's. I think we should enhance JtR to distinguish between two kinds of truncation: that of the target system (e.g., with descrypt and LM) and JtR-specific (e.g., with md5crypt). In the former case, the default behavior should be to silently truncate and test those candidate passwords (like it's done now), whereas in the latter the default should be to skip those candidates. Maybe it should be possible to override the default in the latter case - perhaps, with a config file setting (I wouldn't expect it to be frequently needed)? To implement this, we probably need to introduce a new format flag. Should we call it FMT_TRUNC? And what should it mean - target system's truncation or JtR's truncation at a length below the target system's? Or should we call it differently, to make this clear from the name? Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.