Date: Fri, 31 Aug 2018 19:06:22 +0200 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Cracking Long Passwords Hi, On Fri, Aug 31, 2018 at 03:43:07PM +0000, NeonFlash wrote: > Is there a way to know the restriction on password length for dictionary attacks supported by JtR? > For example, if an archive (zip/rar) file has a password of length greater than 50, can JtR successfully crack it in dictionary attack mode if the correct password is present inside the dictionary? You can use these commands: ./john --list=format-all-details --format=rar ./john --list=format-all-details --format=rar5 ./john --list=format-all-details --format=pkzip ./john --list=format-all-details --format=zip In my recent build of bleeding-jumbo, the output for RAR (which means RAR3) includes: Max. password length 26 for RAR5: Max. password length 10 [worst case UTF-8] to 32 [ASCII] for PKZIP: Max. password length 10 [worst case UTF-8] to 31 [ASCII] and for ZIP (which means WinZip): Max. password length 41 [worst case UTF-8] to 125 [ASCII] So length 50 in particular will likely work for ZIP aka WinZip, but not for the rest of these. For all of these we also get: Truncates at max. length no which means that unfortunately the limitation is ours rather than inherent to the target file format. Alexander P.S. You could want to avoid posting to mailing lists from Yahoo addresses since your messages probably do not get through to some subscribers (such as those on Google's mail servers, including everyone on Gmail and more) due to Yahoo's strict DMARC policy: $ host -t txt _dmarc.yahoo.com _dmarc.yahoo.com descriptive text "v=DMARC1\; p=reject\; pct=100\; rua=mailto:dmarc_y_rua@...oo.com\;"
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.