Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 3 Sep 2018 12:06:54 +0000 (UTC)
From: NeonFlash <psykosonik_frequenz@...oo.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking Long Passwords

Thanks Alexander as always for the detailed response.
I'll try to join the mailing list using email from another email service provider.
Quick question regarding the password length restrictions in JtR. Is it possible to alter them? If so, do I need to modify some config file or source code and then recompile it?
As you mentioned, these are limitations of JtR while the target file format supports longer passwords.
   On Friday, August 31, 2018, 6:06:59 PM GMT+1, Solar Designer <solar@...nwall.com> wrote:  
 
 Hi,

On Fri, Aug 31, 2018 at 03:43:07PM +0000, NeonFlash wrote:
> Is there a way to know the restriction on password length for dictionary attacks supported by JtR?
> For example, if an archive (zip/rar) file has a password of length greater than 50, can JtR successfully crack it in dictionary attack mode if the correct password is present inside the dictionary?

You can use these commands:

./john --list=format-all-details --format=rar
./john --list=format-all-details --format=rar5
./john --list=format-all-details --format=pkzip
./john --list=format-all-details --format=zip

In my recent build of bleeding-jumbo, the output for RAR (which means
RAR3) includes:

Max. password length                26

for RAR5:

Max. password length                10 [worst case UTF-8] to 32 [ASCII]

for PKZIP:

Max. password length                10 [worst case UTF-8] to 31 [ASCII]

and for ZIP (which means WinZip):

Max. password length                41 [worst case UTF-8] to 125 [ASCII]

So length 50 in particular will likely work for ZIP aka WinZip, but not
for the rest of these.

For all of these we also get:

 Truncates at max. length            no

which means that unfortunately the limitation is ours rather than
inherent to the target file format.

Alexander

P.S. You could want to avoid posting to mailing lists from Yahoo
addresses since your messages probably do not get through to some
subscribers (such as those on Google's mail servers, including everyone
on Gmail and more) due to Yahoo's strict DMARC policy:

$ host -t txt _dmarc.yahoo.com
_dmarc.yahoo.com descriptive text "v=DMARC1\; p=reject\; pct=100\; rua=mailto:dmarc_y_rua@...oo.com\;"
  

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.