Date: Thu, 13 Aug 2015 20:34:08 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: plaintext truncation On 2015-08-13 20:09, Solar Designer wrote: > magnum, all - > > I think that right now many JtR invocations are wasting lots of time > testing unlikely candidate passwords because of the silent truncation to > the maximum plaintext length supported by a given format, in cases where > that maximum isn't the same as the target system's. > > I think we should enhance JtR to distinguish between two kinds of > truncation: that of the target system (e.g., with descrypt and LM) and > JtR-specific (e.g., with md5crypt). In the former case, the default > behavior should be to silently truncate and test those candidate > passwords (like it's done now), whereas in the latter the default should > be to skip those candidates. Maybe it should be possible to override > the default in the latter case - perhaps, with a config file setting (I > wouldn't expect it to be frequently needed)? > > To implement this, we probably need to introduce a new format flag. > Should we call it FMT_TRUNC? And what should it mean - target system's > truncation or JtR's truncation at a length below the target system's? > Or should we call it differently, to make this clear from the name? That makes sense. FWIW we already have the different behavior from -max-length, which rejects as opposed to truncates. For -stdout mode, this can be tested using these two *different* alternatives: $ ../run/john -w -stdout=4 | head Press 'q' or Ctrl-C to abort, almost any other key for status 1234 pass 1234 abc1 comp tigg 1234 qwer mone carm 3358p 0:00:00:00 100.00% (2015-08-13 20:32) 14600p/s sss $ ../run/john -w -stdout -max-length=4 | head Press 'q' or Ctrl-C to abort, almost any other key for status 1234 123 mike bear alex love rose andy john 378p 0:00:00:00 100.00% (2015-08-13 20:31) 1575p/s sss magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.