Date: Wed, 21 Sep 2011 16:35:29 -0500 From: "jfoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: RE: False positives on zip (aes256) There is a patch to add after the new Jumbo-7. It is on the Wiki. This patch adds ability for a format to say that it finds 'false' positive passwords, so the format will continue to search even if it finds one. The patch page is: http://openwall.info/wiki/john/patches?do=show The only format at the current time, using this code, is the zip-AES format (the slow one). Now, this format will continue to search, even after finding a match. It will be up to the user to really 'remove' the hash line from the input file, once the 'real' password has been found. This was implemented as a format flag (I used FMT_NOT_EXACT). >From: Solar Designer [mailto:solar@...nwall.com] > >On Fri, Sep 02, 2011 at 08:38:30AM -0500, jfoug wrote: >> I have added this as a 'wish list' item. So if we do have formats >> which end up outputting false ++ (and we cannot 'fix' them), then >> an option like this will do just what you are seeing be performed >> with your hard coded change. > >Alternatively, we could add a flag like FMT_MULTIGUESS, which we'd set >for the current implementation of the WinZip/AES format, and which the >rest of JtR code would interpret as a request to allow this format to >produce multiple guesses. It would affect (non-)removal of cracked >hashes/ciphertexts both during cracking and on load. > >Besides false positives, another use may be for very weak >hashes/ciphers/non-crypto where actual collisions are likely - e.g., if >we ever introduce a way to crack CRC-32, BIOS passwords, etc. and want >to let the user choose a good-looking one out of many valid passwords. > >This is becoming a topic for john-dev, though. Since it was posted on john-users, I figured a notice of a working patch was on-topic here. There still are other ideas which may be added to this sub-project, but that will be done on the other list. Jim.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ