Date: Mon, 2 Jan 2012 18:50:42 -0700 From: Stephen John Smoogen <smooge@...il.com> To: john-users@...ts.openwall.com Subject: Testing longer than 16 character words in crypt-md5 I see that the MD5-crypt ($1$) implementation in john the ripper maxes out at 15 characters, but other versions such as what I could figure out in glibc do not limit to that amount. My initial guess is that the limitation is due to some sort of speed up used in hashing. However my c skills are not much beyond chapter 3 in the K&R so I may be missing the obvious. My want is to check to see how many passwords are using an email address with some minimal changes that John the Rippers rules are great for. but most of the accounts are over 16 characters in length. Currently I am looking at using JTR to output the modified and then doing an awk script to feed that to openssl but that seems slower and missing some obvious herpderp item I am not seeing. -- Stephen J Smoogen. "The core skill of innovators is error recovery, not failure avoidance." Randy Nelson, President of Pixar University. "Years ago my mother used to say to me,... Elwood, you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.