Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20140219184923.GA621@openwall.com>
Date: Wed, 19 Feb 2014 22:49:23 +0400
From: Solar Designer <solar@...nwall.com>
To: Miguel S?nchez <m.s.martiarena@...il.com>
Cc: john-dev@...ts.openwall.com
Subject: Re: Increase format length limit

Hi Miguel,

Your question would be better posted to john-users, and in fact it had
been brought up in there a few times before.  However, since you chose
to post to john-dev, let me reply in here this time...

On Wed, Feb 19, 2014 at 07:39:50PM +0100, Miguel S?nchez wrote:
> So it seems that I have to change more code but I don't know where is it.

The limit of 15 for this format is there for good technical reasons.
There would be ~2x slowdown for longer candidate passwords, and
supporting them in the same code is not trivial (although it can be
done - yes, changing way more code, and in fact writing extra code).

If you need to crack longer md5crypt passwords, we currently recommend
that you run on a system supporting md5crypt natively (e.g., any recent
Linux) and use the --format=crypt option.  It will run a few times
slower, but it will crack those longer passwords.  Of course, for
performance reasons you'd want to only do this when testing candidate
passwords that are actually 16 characters or longer.  For 15 chars or
less, use the specialized md5crypt format.

(Now, for cracking md5crypt on GPU we'll obviously need to have this
built-in... eventually.  For now, md5crypt-opencl and -cuda are
similarly limited to lengths up to 15.)

> even with other format will be very helpful.

No, this issue is specific to this one format.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.