Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 06 Mar 2012 08:41:01 +0100
From: magnum <>
Subject: Re: RAR format finally proper

On 03/06/2012 01:40 AM, Frank Dittrich wrote:
> On 03/06/2012 01:16 AM, magnum wrote:
>> But rar2john will now scan the whole archive and pick the
>> smallest file possible.
> Hopefully not an empty file, or would this work as well?

Good question. The previous version would not work at all if the first
entry was a directory or non-encrypted file. Directories are now ignored.

I just tested an empty, encrypted file and it did work at first. It gets
a packed size of 16 (all padding), an unpacked size of 0 and a crc of
00000000. The correct password was cracked but further testing show
false positives due to the CRC. I will fix this.

Stored, encrypted file work fine, using their own code path. I suppose
they are faster than packed ones but currently the packed size is the
only arbiter so a 500K packed file will be prefered over a 501K stored
one. Maybe it should use unpacked size instead but we should verify this
first. The risk of false positives (32-bit CRC collision) is higher with
stored files though: The inflation/deflation sort out some false positives.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.