|
Message-ID: <b26871c0b220187bf36a5fbaf86b8ef2@smtp.hushmail.com> Date: Wed, 17 May 2017 22:11:08 +0200 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: Max Password Lengths On 2017-05-17 15:38, Will Hunt wrote: > After following your recent discussion with Rob re maximum password lengths, is there any easy way to determine the maximum character length of all supported algorithms? > > I noted that using --enc:raw shows 27 for NT instead of 81, but I haven't been able to find any resources online that quickly show which algorithms are unicode based and which aren't Latest jumbo (from github) will display length as "characters" as opposed to bytes. Examples: $ ../run/john --list=format-all-details --format=nt Format label NT Disabled in configuration file no Min. password length 0 Max. password length 27 Min. keys per crypt 12 Max. keys per crypt 12 Flags Case sensitive yes Truncates at (our) max. length no Supports 8-bit characters yes Converts internally to UTF-16/UCS-2 yes Honours --encoding=NAME yes Collisions possible (as in likely) no Uses a bitslice implementation no The split() method unifies case yes Supports very long hashes no A $dynamic$ format no A dynamic sized salt no Parallelized with OpenMP no Number of test vectors 43 Algorithm name MD4 128/128 AVX 4x3 Format name Benchmark comment Benchmark length -1 Binary size 16 Salt size 0 Tunable cost parameters Example ciphertext b7e4b9022cd45f275334bbdb83bb5be5 $ ../run/john --list=format-all-details --format=office Format label Office Disabled in configuration file no Min. password length 0 Max. password length 41 [worst case UTF-8] to 125 [ASCII] Min. keys per crypt 32 Max. keys per crypt 128 Flags Case sensitive yes Truncates at (our) max. length no Supports 8-bit characters yes Converts internally to UTF-16/UCS-2 yes Honours --encoding=NAME yes Collisions possible (as in likely) no Uses a bitslice implementation no The split() method unifies case no Supports very long hashes no A $dynamic$ format no A dynamic sized salt no Parallelized with OpenMP yes Poor OpenMP scalability no Number of test vectors 19 Algorithm name SHA1 128/128 AVX 4x / SHA512 128/128 AVX 2x AES Format name 2007/2010/2013 Benchmark comment Benchmark length -1 Binary size 16 Salt size 84 Tunable cost parameters MS Office version, iteration count Example ciphertext $office$*2007*20*128*16*8b2c9e8c878844fc842012273be4bea8*aa862168b80d8c45c852696a8bb499eb*a413507fabe2d87606595f987f679ff4b5b4c2cd In the latter case, we see that worst-case UTF-8 will push down the max length. > I don't know which ones require a calculation from the displayed value. Or failing that, is there a switch that allows john show the actual character length limits of all algorithms? You can see it in the "Converts internally to UTF-16/UCS-2" lines above. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.