Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 21 Sep 2011 08:20:12 -0500
From: "JimF" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: Re: -lz (was: No problem seen in Jumbo-6-RC5+0002)

pkzip certainly uses -lz.  I use zlib explicitly in the cracking of pkzip 
passwords. To crack them, you have to inflate the blob. I did not write the 
entire inflate code into john, I use zlib, with a negative bit size, and 
calling the 2nd form init function. That forces zlib to simply handle 'raw' 
deflated blobs like pkzip writes out, vs gzip blobs with a header.  But I do 
absolutely use zlib.  I did write a very small amount of inflate-like code 
directly into john, but it does not inflate.  It simply performs the 
validation of one 'operation', or part of one operation, looking for data 
which does not validate (most bogus data will NOT be of proper format).  It 
is much faster to do it that way (validating 1 op code), than to use all of 
the overhead of zlib to try to detect errors in the first few bytes.

Why he is getting  a linkage error, could be due to dynamic builds, with 
dynamic modules which have already loaded lz, and the -lz being a static 
lib.  Just a guess, since dynamic/static and other linkage issues on *nix is 
not my strong suite.

Jim.

----- Original Message ----- 
From: "Solar Designer" <solar@...nwall.com>


> Previously, Robert reported needing -lz for making a static build of
> John with his install of OpenSSL.
> ...
> Now -lz appears to be needed for pkzip_fmt_plug.c anyway - at least when
> I tried removing -lz, my build on Mac OS X failed:

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.