Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 Mar 2012 10:17:08 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: GSoC non-hash office documents

On Thu, Mar 29, 2012 at 6:08 AM, Solar Designer <solar@...nwall.com> wrote:
> Hi Mike,
>
> On Wed, Mar 28, 2012 at 11:23:48AM -0600, Mike Wing wrote:
>> I'm rather interested in working on some of the non-hashes for GSoC.
>> Specifically
>> the Office  ones that popped up recently. Just doing a rudimentary search,
>> the MS office format (up to 2003) using XOR and RC4 appears to be fairly
>> compromised and exploitable as outlined in this paper
>> http://eprint.iacr.org/2005/007.pdf. And this has been further developed by
>> a french researcher (here:
>> http://www.esiea-recherche.eu/data/filiol_pacsec.pdf). I would like to work
>> on bringing these features to JtR.

> As you can see, Dhiru has already started work on having JtR test
> candidate passwords against Office documents - a task that is within
> scope for JtR development currently.  Please feel free to compete with
> him (work on the same thing in parallel and try to make your
> implementation better in whatever ways - source code quality, speed,
> anything).  Alternatively, please feel free to coordinate with him, so
> that the two of you work on the task together.

I am working on the newer Office 2007 (and possibly 2010) documents.
So, I guess there shouldn't be any conflicts. I will keep office2john
extensible enough, so that Mike can extend it to work with <= Office
2003 files.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.