Date: Sat, 2 Jul 2005 14:01:49 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Re: understanding the encryption method On Fri, Jul 01, 2005 at 05:23:09PM +0000, Ikari wrote: > on systems using schemes like MD5, blowfish... password can be > longer and to tell john to go beyond 8 chars you'll have to modify one or > more sections of john.ini to set max password length not to 8 but to > whatever you want. This is not quite true. It's only "incremental" mode which is limited to 8 characters by default, and this limitation is not just runtime, -- it is compile-time and it also affects the *.chr files format. So one can't merely increase MaxLen beyond 8, unfortunately. This has been discussed in greater detail before: http://marc.theaimsgroup.com/?l=john-users&m=111611707402157 http://marc.theaimsgroup.com/?l=john-users&m=111611991308901 "Single crack", wordlist, and external modes do not have the limitation (and there's nothing to modify to be cracking longer passwords -- it just works). > Anyway i don't think you'll find a password longer than 8 > un less you know part of it... If the password is weak, it may well be found (with a wordlist or otherwise). It also happens all the time with LanMan hashes due to their 7+7 split. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.