Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CANWtx02qxfOf5NtPe6GzT++gZnmrp9uakf5yG=00BPf8yMUhKw@mail.gmail.com>
Date: Sat, 6 May 2017 21:20:18 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Max characters for password candidates (NTLM) and others

On Thu, May 4, 2017 at 5:56 PM, magnum <john.magnum@...hmail.com> wrote:

> On 2017-05-04 23:44, Frank Dittrich wrote:
> > Am 04.05.2017 um 23:27 schrieb magnum:
> >> The NT formats have a max length of 27 *characters* (for performance
> >> reasons).
> >
> > The 27 character limit isn't really a hash format limitation, but a
> > limitation of John's NT format implementation, ist that correct?
> Correct. Off the top of my head, the actual maximum in Windows is 255
> characters.
>
> In theory, perhaps, but in practice 127 (max)for most users passwords.
https://technet.microsoft.com/en-us/library/cc512606.aspx
    "Internally, Windows represents passwords in 256-character UNICODE
strings. The logon dialog is limited to 127 characters, however. Therefore,
the longest password that can be used to log on interactively to a computer
running Windows is 127 characters. Theoretically, programs such as services
can use longer passwords, but they must be set programmatically because the
password change dialog will not allow a password longer than 127
characters."
Just my .02 :)
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.