Date: Sat, 3 Sep 2011 03:56:25 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: False positives on zip (aes256) Jim - On Fri, Sep 02, 2011 at 08:38:30AM -0500, jfoug wrote: > I have added this as a 'wish list' item. So if we do have formats which end > up outputting false ++ (and we cannot 'fix' them), then an option like this > will do just what you are seeing be performed with your hard coded change. Alternatively, we could add a flag like FMT_MULTIGUESS, which we'd set for the current implementation of the WinZip/AES format, and which the rest of JtR code would interpret as a request to allow this format to produce multiple guesses. It would affect (non-)removal of cracked hashes/ciphertexts both during cracking and on load. Besides false positives, another use may be for very weak hashes/ciphers/non-crypto where actual collisions are likely - e.g., if we ever introduce a way to crack CRC-32, BIOS passwords, etc. and want to let the user choose a good-looking one out of many valid passwords. This is becoming a topic for john-dev, though. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.