Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 21 Aug 2011 18:37:17 +0400
From: Solar Designer <>
Subject: Re: Some problems to build chr

On Sun, Aug 21, 2011 at 03:41:37PM +0200, madfran wrote:
> If I understood well, to avoid a overflow:
> ((SIZE ** LENGTH) * SCALE) must fit in 64 bits.
> That means ((SIZE ** LENGTH) * SCALE) < 2**64
> So, if I want to cover the complete range of characters (FF) the max. 
> size must be 8 and the scale 1.
> 256**8*1 = 2**64

That's almost correct.

You can't really have 256 characters, because NUL terminates a string
in C (and thus not only in JtR, but also in many/most systems that the
passwords being cracked could be used on).  So the maximum is 255
different ASCII codes, 1 through 0xFF inclusive.

Also, the actual requirement is slightly more relaxed than what the
comment says, so some higher values of SCALE will also work with 255
characters and length 8 - e.g., I've just tested that SCALE of 10 also
works, resulting in slightly greater precision and thus maybe more
optimal order in which candidate passwords are tried.  You may give
this a try if you like, or you may strictly meet the requirement stated
in the comment, which means that SCALE must be 1 when SIZE is 255 and
LENGTH is 8.

Anyway, all of this complexity should be gone soon.  Stay tuned.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.