Date: Mon, 19 Sep 2011 09:58:28 +0200 From: magnum <rawsmooth@...dband.net> To: john-users@...ts.openwall.com Subject: Re: Steganography Passphrase Cracking On 2011-09-19 09:01, firstname lastname wrote: ... > For instance, MP3Stego tool by Fabien Petitcolas can be used to hide > text files inside an MP3 file. You can protect your hidden data using > a passphrase. > > While decoding, we need to supply the passphrase to extract the > hidden data from the mp3: > > decode.exe -X -P<pass> sample.mp3 > > I did some research on how to extract the hash from this mp3 file and > didn't make much progress. It uses 3DES to encrypt the hidden data > and SHA-1 to generate pseudo random bits. What happens if you supply the wrong password to decode.exe? Does it recognise it was wrong, or does it extract garbage data? If it's the latter, we may have no way to detect a correct guess unless there's known plaintext (eg. file magic) in the hidden data. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.