Date: Tue, 06 Mar 2012 08:41:01 +0100 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: RAR format finally proper On 03/06/2012 01:40 AM, Frank Dittrich wrote: > On 03/06/2012 01:16 AM, magnum wrote: >> But rar2john will now scan the whole archive and pick the >> smallest file possible. > > Hopefully not an empty file, or would this work as well? Good question. The previous version would not work at all if the first entry was a directory or non-encrypted file. Directories are now ignored. I just tested an empty, encrypted file and it did work at first. It gets a packed size of 16 (all padding), an unpacked size of 0 and a crc of 00000000. The correct password was cracked but further testing show false positives due to the CRC. I will fix this. Stored, encrypted file work fine, using their own code path. I suppose they are faster than packed ones but currently the packed size is the only arbiter so a 500K packed file will be prefered over a 501K stored one. Maybe it should use unpacked size instead but we should verify this first. The risk of false positives (32-bit CRC collision) is higher with stored files though: The inflation/deflation sort out some false positives. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.