Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 06 Mar 2012 08:41:01 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: RAR format finally proper

On 03/06/2012 01:40 AM, Frank Dittrich wrote:
> On 03/06/2012 01:16 AM, magnum wrote:
>> But rar2john will now scan the whole archive and pick the
>> smallest file possible.
> 
> Hopefully not an empty file, or would this work as well?

Good question. The previous version would not work at all if the first
entry was a directory or non-encrypted file. Directories are now ignored.

I just tested an empty, encrypted file and it did work at first. It gets
a packed size of 16 (all padding), an unpacked size of 0 and a crc of
00000000. The correct password was cracked but further testing show
false positives due to the CRC. I will fix this.

Stored, encrypted file work fine, using their own code path. I suppose
they are faster than packed ones but currently the packed size is the
only arbiter so a 500K packed file will be prefered over a 501K stored
one. Maybe it should use unpacked size instead but we should verify this
first. The risk of false positives (32-bit CRC collision) is higher with
stored files though: The inflation/deflation sort out some false positives.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ