Date: Tue, 8 Sep 2009 08:47:09 -0600
From: RB <aoz.syn@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: John and RARs or ZIPs

On Tue, Sep 8, 2009 at 08:06, Nahuel Grisolía<nahuel.grisolia@...il.com> wrote:
> Hey Guys, i just want to know if anyone of you has ever coded something to
> use John to crack the encryption used in RARs (AES128) or ZIPs (??).

This is a class of query that comes up here quite often - "can JtR be
used to crack X?"  The answer depends largely on the implementation,
but is generally "no": JtR doesn't directly support specific file
formats, it handles password hashes.

In clarification (and simplified terms), you need to understand the
difference between hashing and encryption.  Hashing is a one-way
process by which a statistically unique small value is computationally
derived from a [typically] larger data set.  The "one-way" part is
critical: you cannot derive the original data from a hash, only repeat
the process and confirm you have a precise copy.  Encryption is a
bidirectional process by which data may be converted to and from an
opaque form by use of a secret key.  In well-designed systems,
passwords are stored in hashed form - you cannot derive the original
data directly from the hash, but you may hash the data you have and
compare the two.  What JtR does is create a list of potential
passwords, hash them, and then compare them against a specified hash
until it finds a match (or reaches the heat death of the universe),
hence:

John the Ripper does not perform any decryption.

I split that out because it's incredibly important to understanding
the role of password "crackers".  Password crackers generally do not
do any decryption, they only bumble along (some more intelligently and
quickly than others) trying to make up something that matches the
known hash.

If a particular file format were to be so generous as to include a
hash of the password, it would be possible to extract that hash and,
if necessary, create a JtR handler for the hash form.  However, most
encrypted formats aren't so poorly designed and will happily decrypt
with whatever key they're given, forcing the attacker to evaluate
whether the decrypted results are valid.  That evaluation is beyond
the scope of an application such as JtR.

> How can we know if the RAR or ZIP is really decrypted?

The formats probably have internal checksums or well-known values that
are checked post-decryption to allow validation of the key.
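
The two situations RB contrasts above, side by side as an added example (this is not code from the original post or from John the Ripper): a "hash and compare" loop, which is all a password cracker does, and a "decrypt with every candidate, then validate" loop, which is what an encrypted archive forces on the attacker. The archive container here is constructed, and a SHA-256 counter-mode keystream stands in for AES so that the block runs with only the standard library; the salt/checksum/ciphertext layout and the truncated-CRC check are assumptions chosen to mirror the "internal checksums or well-known values" the post mentions, not any real RAR or ZIP layout.

```python
import hashlib
import os
import zlib

# Constructed candidate list (a tiny stand-in for a wordlist or incremental mode).
CANDIDATES = ["123456", "password", "letmein", "qwerty", "hunter2", "s3cret!"]


def make_hash(password, algo="sha256"):
    """How a 'well-designed system' stores the secret: as a one-way digest."""
    return hashlib.new(algo, password.encode()).hexdigest()


def crack_hash(target_hex, candidates, algo="sha256"):
    """Mode 1: the target is a hash. Hash each candidate and compare; the first
    equal digest is the answer. Nothing is ever decrypted here."""
    for cand in candidates:
        if make_hash(cand, algo) == target_hex:
            return cand
    return None


# --- Mode 2: a constructed 'encrypted archive' (assumption: toy cipher, not AES).

def keystream(password, salt, length):
    """Derive a keystream from the password (assumption: sha256 in counter mode)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = salt + password.encode() + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def encrypt_archive(password, plaintext, check_bytes=4):
    """Constructed container: salt | truncated CRC32 of plaintext | ciphertext.
    check_bytes is how much of the CRC the format stores for key validation."""
    salt = os.urandom(8)
    crc = zlib.crc32(plaintext).to_bytes(4, "big")[:check_bytes]
    ks = keystream(password, salt, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return salt + crc + ct, check_bytes


def decrypt_and_validate(password, container, check_bytes):
    """Decrypt with whatever password is supplied; the cipher never complains.
    Only the stored checksum tells us whether the result is plausible."""
    salt = container[:8]
    crc = container[8:8 + check_bytes]
    ct = container[8 + check_bytes:]
    ks = keystream(password, salt, len(ct))
    pt = bytes(c ^ k for c, k in zip(ct, ks))
    ok = zlib.crc32(pt).to_bytes(4, "big")[:check_bytes] == crc
    return ok, pt


def crack_archive(container, check_bytes, candidates):
    """Mode 2 loop: every candidate 'decrypts', so keep the ones that validate.
    Returns a list because a short check field can also pass wrong passwords."""
    hits = []
    for cand in candidates:
        ok, _ = decrypt_and_validate(cand, container, check_bytes)
        if ok:
            hits.append(cand)
    return hits


def false_positive_rate(check_bytes):
    """A wrong key yields pseudo-random plaintext, so it passes a check of
    check_bytes bytes with probability 2**-(8*check_bytes): one byte -> 1/256."""
    return 2.0 ** (-8 * check_bytes)


if __name__ == "__main__":
    print("hash mode:", crack_hash(make_hash("hunter2"), CANDIDATES))

    secret = b"Hello, archive contents"  # constructed plaintext
    container, cb = encrypt_archive("letmein", secret, check_bytes=4)
    print("archive mode (4-byte check):", crack_archive(container, cb, CANDIDATES))

    # With a 1-byte check, wrong candidates occasionally validate too, which is
    # why the caller, not the cipher, has to decide whether the output is real.
    container1, cb1 = encrypt_archive("letmein", secret, check_bytes=1)
    print("archive mode (1-byte check):", crack_archive(container1, cb1, CANDIDATES),
          "false-positive rate per wrong guess:", false_positive_rate(cb1))
```

The second loop is the expensive one in practice: each candidate costs a key derivation plus a decryption before the check can even be applied, and a short check field means the cracker has to carry on to a second, slower validation (such as decompressing the data) before it can trust a hit.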
