Date: Sat, 10 Sep 2011 11:54:59 +0200
From: magnum <>
Subject: Re: Rewrite of the pkzip format posted (on the wiki).

On 2011-09-09 23:59, jfoug wrote:
> The pkzip_fmt has been re-written, and the patch posted on the wiki (The
> patch 0011-pkzip-format-rewrite-1.diff. and found on
> This format is faster.  How much
> faster depends upon the type of zip file, and the size of the smallest file,
> and how many encrypted zip files are in that zip file.

Here's a detail I think was better with the old version:

Loaded 8 password hashes with 8 different salts (pkzip [N/A])
magnum           (
100              (
48670667         ( version output:
Loaded 9 password hashes with 9 different salts (pkzip [N/A])
magnum           (?)
100              (?)
48670667         (?)

A question mark is not very useful here. This should be a trivial fix to
zip2john. One of my test files doesn't even get the filename AT ALL in the

$ zip2john 2>/dev/null

Also, there is a line that should go to stderr and not to the infile:>contest_tree/challenge1/ is not encrypted!

For some reason it *fails* to crack even 
though it cracked five other testfiles in the same session that had the 
same password. Can you verify cracking of that very file? I suspect the 
problem is in zip2john and not the format. Here is the line I got from 
zip2john for that file:

