Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 5 Dec 2014 10:01:07 -0500
From: Matt Weir <cweir@...edu>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Cracking multiple AES Zip files

Awesome, thank you very much Magnum and Jim! I need to get into a better
habit of digging into the bleeding JtR before asking questions ;p

Matt

On Thu, Dec 4, 2014 at 9:59 PM, <jfoug@....net> wrote:

> If you use the new bleeding JtR, there is NO false positive any more.  I
> have redone this 'broken' format.  I dug in to understand the gladman code,
> and there is a verifyer, not just the crappy 2 byte checksum.
>
> The change is shown here:
> https://github.com/magnumripper/JohnTheRipper/commit/528e6bcfb1a59f068b70c63b3c0d7ffc62c32ce4
>
> So now there is a 10 byte checksum, so only 1 out of 2^80 chance of a
> false positive.  In JtR land, we count that as exact.  Hell, it is 16 bits
> better than DES ;)
>
> ---- Matt Weir <cweir@...edu> wrote:
> > AES encrypted zip files have a high number of false positives in them.
> From
> > the Winzip spec:
> >
> > Password verification value
> .... clip.
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.