john-dev - Re: Formats dmg, encfs and strip crash on longer passwords

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <f61e585519cc20b1c51dda8c46166ab9@smtp.hushmail.com>
Date: Mon, 31 Dec 2012 12:24:37 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Formats dmg, encfs and strip crash on longer passwords

On 31 Dec, 2012, at 10:42 , Lukas Odzioba <lukas.odzioba@...il.com> wrote:
> 2012/12/28 Dhiru Kholia <dhiru.kholia@...il.com>:
>> Lukas,
>> 
>> What should be the max password length (which actually works) for
>> formats using your pbkdf2 code?. Can it be increased?
> 
> Sorry I missed that message. Next time please mail me directly with
> questions like that, I shall answear within a few hours.
> I am not sure about the length (at the moment), but it can be extended
> without a big problem, maybe you already did that.

I already did :-)  Max length is now 64 and max. salt length is 52. Actually, lengths over 64 are supported like this:

if ((pwlen = strlen(key)) > 64) {
	sha1(key, pwlen, saved_key);
	pwlen = 20;
} else
	memcpy(saved_key, key, pwlen);
...
pbkdf2(saved_key, pwlen, salt, ...);

That extra sha1 could happen in set_key() and nothing else would need to be changed.

magnum

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.