jwt-cracker icon indicating copy to clipboard operation
jwt-cracker copied to clipboard

Min secret length

Open 0xCaponte opened this issue 1 year ago • 2 comments

Given the way that variationsStream is implemented, the code still calculates all permutations with repetition up to the min length, but these are no longer passed along to be processed and checked against the token. Ideal would be to replace or extend the variationsStream call but that library has not been updated in 9 years.

Closes #19

0xCaponte avatar Jun 16 '23 18:06 0xCaponte

Thanks, this makes a lot of sense.

I agree that ideally, it will make sense to implement this directly in variation-stream and then update the library here.

I think the current implementation still has performance benefits (because for the items that are skipped, we don't need to test if they would work as a valid signature), even though it's not the most optimal approach...

lmammino avatar Jun 17 '23 11:06 lmammino

I am also thinking that another approach might be to switch to lmammino/indexed-string-variation, which should already allow us to skip entries (basically starting from the first index that corresponds to a sequence of a given minim length).

lmammino avatar Jun 17 '23 12:06 lmammino