Date: Thu, 29 Mar 2012 10:17:08 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: GSoC non-hash office documents On Thu, Mar 29, 2012 at 6:08 AM, Solar Designer <solar@...nwall.com> wrote: > Hi Mike, > > On Wed, Mar 28, 2012 at 11:23:48AM -0600, Mike Wing wrote: >> I'm rather interested in working on some of the non-hashes for GSoC. >> Specifically >> the Office ones that popped up recently. Just doing a rudimentary search, >> the MS office format (up to 2003) using XOR and RC4 appears to be fairly >> compromised and exploitable as outlined in this paper >> http://eprint.iacr.org/2005/007.pdf. And this has been further developed by >> a french researcher (here: >> http://www.esiea-recherche.eu/data/filiol_pacsec.pdf). I would like to work >> on bringing these features to JtR. > As you can see, Dhiru has already started work on having JtR test > candidate passwords against Office documents - a task that is within > scope for JtR development currently. Please feel free to compete with > him (work on the same thing in parallel and try to make your > implementation better in whatever ways - source code quality, speed, > anything). Alternatively, please feel free to coordinate with him, so > that the two of you work on the task together. I am working on the newer Office 2007 (and possibly 2010) documents. So, I guess there shouldn't be any conflicts. I will keep office2john extensible enough, so that Mike can extend it to work with <= Office 2003 files. -- Cheers, Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.