Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Jan 2012 06:00:58 +0400
From: Solar Designer <>
Subject: Re: Testing longer than 16 character words in crypt-md5

On Mon, Jan 02, 2012 at 06:50:42PM -0700, Stephen John Smoogen wrote:
> I see that the MD5-crypt ($1$) implementation in john the ripper maxes
> out at 15 characters, but other versions such as what I could figure
> out in glibc do not limit to that amount. My initial guess is that the
> limitation is due to some sort of speed up used in hashing.

Yes, that's the case.

> My want is to check to see how many passwords are using an email
> address with some minimal changes that John the Rippers rules are
> great for. but most of the accounts are over 16 characters in length.
> Currently I am looking at using JTR to output the modified and then
> doing an awk script to feed that to openssl but that seems slower and
> missing some obvious herpderp item I am not seeing.

You can simply use --format=crypt to make JtR use the system-provided
code.  Of course, this will be a lot slower than JtR's optimized code.

I suggest that you do this in an OpenMP-enabled build.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.