Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Nov 2020 14:56:25 +0100
From: magnum <>
Subject: Re: PBKDF2-HMAC-* with non-standard bit-length of the
 derived key?

On 2020-11-27 14:30, Vincent wrote:
> Is it possible to use a custom bit-length of the derived key (mostly 
> called dkLen) for the PBKDF2-HMAC-* formats?

Do you mean shorter than the native hash length, or longer (multiple or 

I believe most or all of our PBKDF2 formats already support cracking 
longer ones (eg. 320 bits of PBKDF2-HMAC-SHA-1). They are clever enough 
to skip the second pass unless the first matches the 160 first bits.

Not sure if they support checking eg. only 128 bits of 160, but that 
could be implemented of course.

In fact, if you need to match somthing longer than native length but not 
a multiple, such as 170 bits of PBKDF2-HMAC-SHA1, you could simply edit 
your input file to only keep 160 bits, and all will be fine. You wont 
get a false positive with these key lengths anyway.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.