Date: Mon, 11 Jan 2016 15:52:07 +0100
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: format-all-details -> Max. password length in bytes

On 01/11/2016 02:35 PM, patpro@...pro.net wrote:
> I wonder how those limits are set: how are they implemented,

The max. password length issue is quite complex.
This link to an old john-dev discussion might provide some background
information:
http://thread.gmane.org/gmane.comp.security.openwall.john.devel/12718/focus=12776

> are they tunable at run time, and why 39 (arbitrary decision?) ?

It is not really tunable by an end user.
For some formats, a developer could look into the problem and see what
performance impact increasing the max. password length would have.

Salted SHA1 currently supports a max. salt size of 16 bytes:

salted_sha1_common.h:13:#define MAX_SALT_LEN 16

The max. password length is defined so that just a single SHA1 block
needs to be computed per candidate:

salted_sha1_fmt_plug.c:58:#define PLAINTEXT_LENGTH (55-MAX_SALT_LEN)

So, if all your hashes do have a salt length < 16 bytes, you could use a
larger max. password length for salted-sha1 and salted-sha1-opencl by
decreasing MAX_SALT_LEN.

OTOH, dynamic_24 and dynamic_25 are quite similar to salted-sha1.
One of these dynamic formats computes SHA1($p.$s), the other SHA1($s.$p).
Both of them do have max. password length of 110 and a salt size of 64,
but you can see that the speed of these formats is considerably slower.
(Since the dynamic formats use hex encoding and salted-sha1 uses base64,
the hashes would need to be converted to be used by dynamic).

> However, I do remember that incremental is limited to 8 char. at compile time. But I'm interested in the limit set for formats.
>
>> $ ./john --list=format-all-details | grep "Max. password length"
>> Max. password length in bytes 8
>> Max. password length in bytes 64
>> Max. password length in bytes 15
>> Max. password length in bytes 72
>> Max. password length in bytes 125
>> Max. password length in bytes 7
>> ../..

$ ./john --list=format-details 2>/dev/null |cut -f 1,2 |head -n 20
descrypt	8
bsdicrypt	64
md5crypt	15
bcrypt	72
scrypt	125
LM	7
AFS	63
tripcode	8
dynamic_0	55
dynamic_1	23
dynamic_2	55
dynamic_3	55
dynamic_4	31
dynamic_5	31
dynamic_6	55
dynamic_8	23
dynamic_9	55
dynamic_10	32
dynamic_11	32
dynamic_12	110

For descrypt and tripcode, length 8 is fine, since these algorithms just
ignore additional bytes. The same applies to LM's max. length of 7.

For md5crypt, max. length 15 might be too short.
As a workaround, you could use --format=crypt with a max. password
length of 72 bytes. But make sure to reject all candidates shorter than
16 bytes, because --format=crypt is a lot slower than --format=md5crypt
when cracking md5crypt hashes.

Frank
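
Added example, not part of the message above and not John the Ripper code: a check of how long the salts in a hash file really are, and how many password bytes still fit in one SHA-1 block next to the longest of them (the 55-MAX_SALT_LEN budget). It assumes the hashes are in the LDAP-style {SSHA} encoding, base64 of the 20-byte digest followed by the salt; the function names and the sample entries are constructed for illustration.

```python
import base64
import binascii
import hashlib

SHA1_BLOCK = 64        # SHA-1 compresses 64-byte blocks
PAD_OVERHEAD = 9       # mandatory 0x80 byte plus 8-byte message length
SINGLE_BLOCK_MAX = SHA1_BLOCK - PAD_OVERHEAD   # 55, as in (55-MAX_SALT_LEN)
DIGEST_LEN = 20        # SHA-1 output size

def sha1_blocks(msg_len):
    """Blocks SHA-1 must compress for a message of msg_len bytes."""
    return (msg_len + PAD_OVERHEAD + SHA1_BLOCK - 1) // SHA1_BLOCK

def ssha_salt_len(line):
    """Salt length of one {SSHA} entry, or None if the line holds none."""
    pos = line.upper().find("{SSHA}")
    if pos < 0:
        return None
    blob = line[pos + 6:].split(":")[0].strip()
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    return len(raw) - DIGEST_LEN if len(raw) >= DIGEST_LEN else None

def single_block_budget(lines):
    """(longest salt seen, password bytes that still fit one SHA-1 block)."""
    salts = [n for n in map(ssha_salt_len, lines) if n is not None]
    if not salts:
        raise ValueError("no {SSHA} entries found")
    longest = max(salts)
    return longest, SINGLE_BLOCK_MAX - longest

def make_ssha(password, salt):
    """Build a constructed sample entry: base64(SHA1(password+salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

# Constructed sample input, not real hashes.
SAMPLE = [
    "alice:" + make_ssha(b"example-one", b"\x01\x02\x03\x04"),
    "bob:" + make_ssha(b"example-two", bytes(range(8))),
    "# comment line without a hash",
]

if __name__ == "__main__":
    longest, budget = single_block_budget(SAMPLE)
    print(f"longest salt: {longest} bytes, single-block password limit: {budget}")
    print("blocks at 55 / 56 bytes:", sha1_blocks(55), sha1_blocks(56))
```

With the default MAX_SALT_LEN of 16 the same arithmetic gives the 39 asked about; MAX_SALT_LEN is a compile-time #define, so a different value only takes effect after a rebuild.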