Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Jan 2016 15:52:07 +0100
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: format-all-details -> Max. password length in bytes

On 01/11/2016 02:35 PM, patpro@...pro.net wrote:
> I wonder how those limits are set: how are they implemented,

The max. password length issue is quite complex.
This link to an old john-dev discussion might provide some background 
information:

http://thread.gmane.org/gmane.comp.security.openwall.john.devel/12718/focus=12776

> are they tunable at run time, and why 39 (arbitrary decision?) ?

It is not really tunable by an end user.
For some formats, a developer could look into the problem and see what 
performance impact increasing the max. password length would have.

Salted SHA1 currently supports a max. salt size of 16 bytes:
salted_sha1_common.h:13:#define MAX_SALT_LEN         16

The max. password length is defined so that just a single SHA1 block 
needs to be computed per candidate:
salted_sha1_fmt_plug.c:58:#define PLAINTEXT_LENGTH     (55-MAX_SALT_LEN)

So, if all your hashes do have a salt length < 16 bytes, you could use a 
larger max.password length for salted-sha1 and salted-sha1-opencl by 
decreasing MAX_SALT_LEN.


OTOH, dynamic_24 and dynamic_25 are quite similar to salted-sha1.
One of these dynamic formats computes SHA1($p.$s), the other SHA1($s.$p).
Both of them do have max. password length of 110 and a salt size of 64, 
but you can see that the speed of these formats is considerably slower.

(Since the dynamic formats use hex encoding and salted-sha1 uses base64, 
the hashes would need to be converted to be used by dynamic).

> However, I do remember that incremental is limited to 8 char. at compile time. But I'm interested in the limit set for formats.
>
>> $ ./john --list=format-all-details | grep "Max. password length"
>> Max. password length in bytes        8
>> Max. password length in bytes        64
>> Max. password length in bytes        15
>> Max. password length in bytes        72
>> Max. password length in bytes        125
>> Max. password length in bytes        7
>> ../..


$ ./john --list=format-details 2>/dev/null |cut -f 1,2 |head -n 20
descrypt	8
bsdicrypt	64
md5crypt	15
bcrypt	72
scrypt	125
LM	7
AFS	63
tripcode	8
dynamic_0	55
dynamic_1	23
dynamic_2	55
dynamic_3	55
dynamic_4	31
dynamic_5	31
dynamic_6	55
dynamic_8	23
dynamic_9	55
dynamic_10	32
dynamic_11	32
dynamic_12	110

For descrypt and tripcode, length 8 is fine, since these algorithms just 
ignore additional bytes.
The same applies to LM's max. length of 7.

For md5crypt, max. length 15 might be too short.
As a workaround, you could use --format=crypt with a max. password 
length of 72 bytes.
But make sure to reject all candidates shorter than 16 bytes, because 
--format=crypt is a lot slower than --format=md5crypt when cracking 
md5crypt hashes.

Frank

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.