Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 13 Aug 2015 20:07:03 -0500
From: "" <>
Subject: Re: episerver UTF-8

On Thu, 13 Aug 2015 19:35:57 -0500, Lei Zhang <>  
> BTW, I think 3*PLAINTEXT_LENGTH means that we assume

Yes, this is an 'assumption'

> each UTF8 char to be no larger than 3 bytes. Is that assumption true? Or  
> 4-byte UTF8 chars are too rare to be considered?

In real world, they are somewhat rare.  But your point is valid.  There  
could certainly be a string of X 4 byte utf8 (there are even 5 byte utf8  
characters) which cause something that should handle 25 characters to not  
be able to handle a string of 25 4 (or 5) byte utf8. But we simply have  
drawn a line in the sand where reality vs theoretical limits come into  

> And what does that 125 mean?

This is a 'limit' imposed by john (proper).  125 BYTES (not characters),  
is the max size of a line read from a password file.  We really should  
think long and hard about this limit, as we move to 'real' 32 bit Unicode  
support inside of the jumbo JtR


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.