Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 27 Mar 2012 12:38:03 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Office passwords; testing of raw crypto keys; rainbow
 tables (was: Research ideas.)

On Fri, Mar 23, 2012 at 8:48 PM, Solar Designer <solar@...nwall.com> wrote:
> Once again, to be clear, I do want simple support for the various Office
> files to be implemented - with testing of candidate passwords like JtR
> normally does - possibly under GSoC 2012.
Excellent!
>
>> I am also placing a tarball of various document's I've made using
>> various old and new office, and 3rd party office
>> (OpenOffice/LibreOffice etc) that are password protected. The file
>> names have the Cipher they were encrypted with and the password that
>> they were encrypted with. Something to note is that MS Office
>> truncates the 97-2000 40-bit RC4 encrypted passwords to 15 characters.
>> See the Readme files about the naming convention used in my tarball.
>> I've tested each of these files against the various free tools and two
>> I have paid for and have been able to recover using dictionaries and
>> or key exhaustion.
>> MS Office does offer more options of encryption, and I've also made
>> and tested these files also. These files that don't have "97-2000" in
>> the name must be brute-forced however, at least that is what everyone
>> else is doing :)
>
> Why don't you upload this to our wiki?
>
> http://openwall.info/wiki/john/sample-non-hashes
Uploaded.
> Just include a note that these are not actually supported by JtR yet.
Done.
>> As far as more modern (default) encryption, 128-Bit AES is used on
>> Office 2007 and 2010.On a related note I believe the ODF spec uses
>> Blowfish/PBKDF2
>
> I previously posted this link:
>
> http://www.golubev.com/blog/?p=94
Small correction, and it may just be pedantic, MS office (2007-10) are
OLE files when encrypted as opposed to being "Zip" files when not
encrypted. This is different than ODF formats whose container remains
a "Zip" regardless of encryption.
http://msdn.microsoft.com/en-us/library/dd907883%28office.12%29.aspx#ctl00_MTCS_main_ctl05
http://code.google.com/p/ooxmlcrypto/
I doubt it makes much difference, but just in case.
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.