Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 23 Dec 2012 19:32:49 +0530
From: Dhiru Kholia <>
Subject: Re: gpg2john -> false positive -> how to exclude?

On Sun, Dec 23, 2012 at 7:19 PM, magnum <> wrote:
> On 23 Dec, 2012, at 13:42 , Dhiru Kholia <> wrote:
>> I don't plan to commit this change (for now). I am trying to find the
>> root cause of the problem.
>> The problem is that I have not been able to generate a DSA key which
>> generates false positives.
> Me neither. All keys I produce seem to get a 'datalen' of 42, whereas Seb's one has 24. I wonder why? What is that data and why is his data shorter?

Very strange. Passware says that the file is "slightly damaged".
However, pgpdump doesn't complain about the file.

> BTW I just noticed if you have several keys in secring.gpg, gpg2john will only extract one of them, and give no notice about there being more. This could be improved.

Yes. Will a warning suffice? We can ask the user to use standard
programs to separate out the keys first.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.