Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 11 Jan 2016 15:52:07 +0100
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: format-all-details -> Max. password length in bytes

On 01/11/2016 02:35 PM, patpro@...pro.net wrote:
> I wonder how those limits are set: how are they implemented,

The max. password length issue is quite complex.
This link to an old john-dev discussion might provide some background 
information:

http://thread.gmane.org/gmane.comp.security.openwall.john.devel/12718/focus=12776

> are they tunable at run time, and why 39 (arbitrary decision?) ?

It is not really tunable by an end user.
For some formats, a developer could look into the problem and see what 
performance impact increasing the max. password length would have.

Salted SHA1 currently supports a max. salt size of 16 bytes:
salted_sha1_common.h:13:#define MAX_SALT_LEN         16

The max. password length is defined so that just a single SHA1 block 
needs to be computed per candidate:
salted_sha1_fmt_plug.c:58:#define PLAINTEXT_LENGTH     (55-MAX_SALT_LEN)

So, if all your hashes do have a salt length < 16 bytes, you could use a 
larger max.password length for salted-sha1 and salted-sha1-opencl by 
decreasing MAX_SALT_LEN.


OTOH, dynamic_24 and dynamic_25 are quite similar to salted-sha1.
One of these dynamic formats computes SHA1($p.$s), the other SHA1($s.$p).
Both of them do have max. password length of 110 and a salt size of 64, 
but you can see that the speed of these formats is considerably slower.

(Since the dynamic formats use hex encoding and salted-sha1 uses base64, 
the hashes would need to be converted to be used by dynamic).

> However, I do remember that incremental is limited to 8 char. at compile time. But I'm interested in the limit set for formats.
>
>> $ ./john --list=format-all-details | grep "Max. password length"
>> Max. password length in bytes        8
>> Max. password length in bytes        64
>> Max. password length in bytes        15
>> Max. password length in bytes        72
>> Max. password length in bytes        125
>> Max. password length in bytes        7
>> ../..


$ ./john --list=format-details 2>/dev/null |cut -f 1,2 |head -n 20
descrypt	8
bsdicrypt	64
md5crypt	15
bcrypt	72
scrypt	125
LM	7
AFS	63
tripcode	8
dynamic_0	55
dynamic_1	23
dynamic_2	55
dynamic_3	55
dynamic_4	31
dynamic_5	31
dynamic_6	55
dynamic_8	23
dynamic_9	55
dynamic_10	32
dynamic_11	32
dynamic_12	110

For descrypt and tripcode, length 8 is fine, since these algorithms just 
ignore additional bytes.
The same applies to LM's max. length of 7.

For md5crypt, max. length 15 might be too short.
As a workaround, you could use --format=crypt with a max. password 
length of 72 bytes.
But make sure to reject all candidates shorter than 16 bytes, because 
--format=crypt is a lot slower than --format=md5crypt when cracking 
md5crypt hashes.

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.