Date: Tue, 30 Aug 2016 15:23:53 -0500
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: Re: Which is the correct hash?

On 8/30/2016 1:36 PM, magnum wrote:
> According to Sebastian's mail this morning, the only usable file for
> attacking is a fairly large one (16 MB) and we may need to CRC all of
> it for each guess. That's why speed is hit and this is what the "file
> magic" stuff could possibly work around.

This was exactly why I created the magic logic. Since the blob was a .zip file (IF the builder of the blob was not trying to confuse us by renaming a jpg picture into a .zip), then the file magic would only need to fully decode the first 4 bytes, and then ONLY check if those bytes ended up being PK\x3\x4

The magic was not noticeably faster for tiny files, but the larger the file was, the more noticeable, and as the size of file got huge, without magic, the cracking speed simply almost crawls to a stop.

But (and this is a big but), we are fully assuming that we know what the file magic looks like. That is not always correct (especially if the user purposely renamed something as more camouflage).

Was this a pkzip file, or a winzip AES encrypted file? I thought only the pkzip had the magic logic in it, and that the winzip method did not care how big the file blob was.

@magnum: is my remembrance wrong here?

Jim.
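
The trade-off discussed in this message, as an added example that is not part of the original mail and is not John the Ripper's code: a full-CRC check and a 4-byte magic check over the traditional PKWARE stream cipher, showing that the magic shortcut rejects the correct password when the protected file is not what its name claims. It assumes stored (uncompressed) data and a constructed all-zero 12-byte encryption header; the function names, password and blobs are made up for the illustration.

```python
import zlib

MAGIC = b"PK\x03\x04"  # signature named in the message above
CRC_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    CRC_TABLE.append(_c)

class ZipCrypto:
    """Traditional PKWARE stream cipher as documented in APPNOTE.TXT."""
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, b):
        self.k0 = CRC_TABLE[(self.k0 ^ b) & 0xFF] ^ (self.k0 >> 8)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = CRC_TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF] ^ (self.k2 >> 8)

    def crypt(self, data, decrypt=True):
        out = bytearray()
        for b in data:
            t = self.k2 | 2
            x = b ^ (((t * (t ^ 1)) >> 8) & 0xFF)
            self._update(x if decrypt else b)  # keys advance on the plaintext byte
            out.append(x)
        return bytes(out)

def check_full(blob, crc, password):
    """Slow path: decrypt everything after the 12-byte header, CRC all of it."""
    return zlib.crc32(ZipCrypto(password).crypt(blob)[12:]) == crc

def check_magic(blob, password, magic=MAGIC):
    """Fast path: decrypt only header + len(magic) bytes, compare to the magic."""
    return ZipCrypto(password).crypt(blob[:12 + len(magic)])[12:] == magic

def make_blob(inner, password):
    """Constructed test input: zeroed 12-byte header + stored (uncompressed) data."""
    return ZipCrypto(password).crypt(bytes(12) + inner, decrypt=False), zlib.crc32(inner)

PW = b"constructed-pw"  # constructed sample password
ZIP_BLOB, ZIP_CRC = make_blob(MAGIC + bytes(50_000), PW)                # really a zip
JPG_BLOB, JPG_CRC = make_blob(b"\xff\xd8\xff\xe0" + bytes(50_000), PW)  # renamed JPEG

if __name__ == "__main__":
    print(check_magic(ZIP_BLOB, PW), check_full(ZIP_BLOB, ZIP_CRC, PW))
    print(check_magic(JPG_BLOB, PW), check_full(JPG_BLOB, JPG_CRC, PW))
```

The fast path touches 16 bytes per guess regardless of blob size, while the slow path scales with the whole file, which is why a magic hit is normally confirmed with the full CRC and a wrong magic assumption silently discards the right password.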