Date: Mon, 11 Jan 2016 10:03:57 -0500 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: format-all-details -> Max. password length in bytes On Mon, Jan 11, 2016 at 9:52 AM, Frank Dittrich <frank.dittrich@...lbox.org> wrote: > On 01/11/2016 02:35 PM, patpro@...pro.net wrote: >> >> I wonder how those limits are set: how are they implemented, > > > The max. password length issue is quite complex. > This link to an old john-dev discussion might provide some background > information: > > http://thread.gmane.org/gmane.comp.security.openwall.john.devel/12718/focus=12776 > >> are they tunable at run time, and why 39 (arbitrary decision?) ? > > > It is not really tunable by an end user. > For some formats, a developer could look into the problem and see what > performance impact increasing the max. password length would have. > > Salted SHA1 currently supports a max. salt size of 16 bytes: > salted_sha1_common.h:13:#define MAX_SALT_LEN 16 > > The max. password length is defined so that just a single SHA1 block needs > to be computed per candidate: > salted_sha1_fmt_plug.c:58:#define PLAINTEXT_LENGTH (55-MAX_SALT_LEN) > > So, if all your hashes do have a salt length < 16 bytes, you could use a > larger max.password length for salted-sha1 and salted-sha1-opencl by > decreasing MAX_SALT_LEN. > > > OTOH, dynamic_24 and dynamic_25 are quite similar to salted-sha1. > One of these dynamic formats computes SHA1($p.$s), the other SHA1($s.$p). > Both of them do have max. password length of 110 and a salt size of 64, but > you can see that the speed of these formats is considerably slower. > > (Since the dynamic formats use hex encoding and salted-sha1 uses base64, the > hashes would need to be converted to be used by dynamic). > >> However, I do remember that incremental is limited to 8 char. at compile >> time. But I'm interested in the limit set for formats. >> >>> $ ./john --list=format-all-details | grep "Max. password length" >>> Max. password length in bytes 8 >>> Max. password length in bytes 64 >>> Max. password length in bytes 15 >>> Max. password length in bytes 72 >>> Max. password length in bytes 125 >>> Max. password length in bytes 7 >>> ../.. To add to what Frank said, some password lengths are limited by the type more often than not (LM=7, DES=8) and that's why incremental was limited by default for so long, but in 1.8 the length of incremental was changed to 24 bytes. -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.