Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 2 Jan 2012 18:50:42 -0700
From: Stephen John Smoogen <>
Subject: Testing longer than 16 character words in crypt-md5

I see that the MD5-crypt ($1$) implementation in john the ripper maxes
out at 15 characters, but other versions such as what I could figure
out in glibc do not limit to that amount. My initial guess is that the
limitation is due to some sort of speed up used in hashing. However my
c skills are not much beyond chapter 3 in the K&R so I may be missing
the obvious.

My want is to check to see how many passwords are using an email
address with some minimal changes that John the Rippers rules are
great for. but most of the accounts are over 16 characters in length.
Currently I am looking at using JTR to output the modified and then
doing an awk script to feed that to openssl but that seems slower and
missing some obvious herpderp item I am not seeing.

Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.