Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 29 May 2008 02:55:37 +0400
From: Solar Designer <>
Subject: Re: 15 characters

On Wed, May 28, 2008 at 02:30:59PM -0700, Richard Schlein wrote:
> Do you know if Mac OS X 10.4.11 splits passwords into 8-character halves?

It does not.

However, older versions had something similar (but not exactly that):

Mac OS X 10.3 stores LM hashes in addition to ones used natively.
Since those hashes are stored, they can be attacked - and they split
passwords into 7-character halves (yes, that's 7, not 8).  Also, LM
hashes are case-insensitive wrt input passwords, which allows for even
faster cracking.

Mac OS X 10.2 and below uses the traditional crypt(3), which truncates
(not splits) passwords at 8 characters.

> I'm starting with a small test file where there are 48 characters in the encoding for the target hashes and the "Loaded..." line reads:
> Loaded 2 password hashes with 2 different salts (Salt SHA1 [salt-sha1])

That's fine.  There's no low length limit with these hashes, as far as
I'm aware.

> -----Original Message-----

Please don't overquote.  You must not have quoted the "Original Message"
like that.  The context you quoted above your own text was sufficient.


To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.