Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 6 May 2017 21:20:18 -0400
From: Rich Rumble <>
Subject: Re: Max characters for password candidates (NTLM) and others

On Thu, May 4, 2017 at 5:56 PM, magnum <> wrote:

> On 2017-05-04 23:44, Frank Dittrich wrote:
> > Am 04.05.2017 um 23:27 schrieb magnum:
> >> The NT formats have a max length of 27 *characters* (for performance
> >> reasons).
> >
> > The 27 character limit isn't really a hash format limitation, but a
> > limitation of John's NT format implementation, ist that correct?
> Correct. Off the top of my head, the actual maximum in Windows is 255
> characters.
> In theory, perhaps, but in practice 127 (max)for most users passwords.
    "Internally, Windows represents passwords in 256-character UNICODE
strings. The logon dialog is limited to 127 characters, however. Therefore,
the longest password that can be used to log on interactively to a computer
running Windows is 127 characters. Theoretically, programs such as services
can use longer passwords, but they must be set programmatically because the
password change dialog will not allow a password longer than 127
Just my .02 :)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.