Solar Designer

> 2\. `length++` per each generated word. The buffer overflow was prevented for short input words by the `cnt == 100` check, which was there for a different purpose. But...

Oh, a comment says: ``` # script changed to append a _ character before the number, each time within # the next() function. Done this way to better validate that...

Should we also increase this? - ```c // Maximum number of placeholders in a mask. #define MAX_NUM_MASK_PLHDR 125 ```

> Maybe arrays of the larger buffers would cause worse cache utilization, perhaps through impact on cache aliasing and thus requiring greater cache associativity for the same size to fit....

> Here's an illustration: This assumes cache-aligned allocation, so maybe we need to start making them such. However, even if aligned to a mere 16 bytes, which tends to be...

> If we change it to our currently common `126`, it prints: > > ``` > [8, 7, 7, 6, 6, 5, 5, 4, 4, 4, 4, 4, 4, 4,...

> 256 is similarly problematic, yet is the actual maximum for some hashes (I think it's a Windows thing). Should we maybe over-allocate the array elements to 320 there? Oh,...

> Should we also increase this? - > > // Maximum number of placeholders in a mask. > #define MAX_NUM_MASK_PLHDR 125 I haven't yet. Any comments on this, @magnumripper?

I checked git history. `MAX_NUM_MASK_PLHDR` started at 127 in Sayantan's code, then @magnumripper changed it several times, first increasing to 255, then decreasing back to 127 and finally to 125....

I reproduced this also with ASan, but it didn't provide any additional detail - just a backtrace similar to yours without `gdb`. ``` Note: Passwords longer than 27 rejected AddressSanitizer:DEADLYSIGNAL...