Date: Mon, 23 Jan 2012 18:29:29 -0500 From: Rich Rumble <richrumble@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Jumbo future On Mon, Jan 23, 2012 at 5:00 PM, Solar Designer <solar@...nwall.com> wrote: > On Mon, Jan 16, 2012 at 02:35:31AM +0100, magnum wrote: >> On 01/16/2012 12:12 AM, Solar Designer wrote: >> > Here's one more: Drupal 7 uses a revision of phpass with MD5 replaced >> > with SHA-512 and hashes cut at 258 bits (yes, 258 - that's a multiple of 6). >> > These hash encodings use the $S$ prefix. Perhaps we should support them. >> >> I'll add this, and other things you mentioned earlier, to the wiki >> wish-list. > > Thanks. Here's one more to add: it'd be nice for JtR to support SIP > challenge/responses, essentially integrating SIPcrack into JtR: I couldn't find where it's be discussed before, but M$ Office password support would be nice. The password to OPEN a file in particular. This is a weak 40-bit RC4 (Office 97-2000 and Office XP), it was the default and in many of the office suites only encryption available. There is a brute-force method, and there is a key exhaustion method since the key space is limited. The key exhaustion would be a "guaranteed" method of recovery, might not be 100% but should be as close as one could hope. I can try to locate where the passwords are and how to extract, then it might just be a case of cracking them. I'm not sure about the exhaustion method though, and how to use that key once found. http://www.securiteam.com/windowsntfocus/6K003150KG.html VelvetSweatshop being the generated key. http://svn.apache.org/repos/asf/poi/trunk/src/java/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.java PST files if I recall have many collisions due to use crc32 (a? b?) and since we have some CRC code already perhaps it's more of a question of extraction than making a new module. -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.