Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 07 Jul 2014 12:02:16 -0700
From: Dennis Glatting <>
Subject: RE: Possible bug in zip_fmt_plug.c, bleeding edge

Kewlness. Will give it a run.

On Mon, 2014-07-07 at 08:39 -0500, jfoug wrote:
> There is a new updated zip-aes format.  Currently, it is only implemented on
> the CPU side.   I had to make changes to the format string, so the legacy
> $zip$ format has been retired. It likely (due to seeing the recent bugs), to
> have never worked right.  The new format had to add several things needed,
> but now, the detection is deterministic.  In other words, no more
> FMT_NOT_EXACT logic in this format.   However, you will need to re-run
> zip2john against your encrypted .zip files again, to use with this new
> format.  The hash needs to read data from the .zip file to work properly.
> There should be almost no noticeable slowdown from the prior code, UNLESS
> you have a .zip file that has ONLY very large compressed data in it.  The
> exact deterministic method requires computing a HMAC-SHA1 over the
> compressed/encrypted data blob.  That is a pretty fast operation, BUT if the
> data size is large, then it can really slow down times where the 2 byte
> checksum says that this value 'might' be a hit.  That happens, btw, 1 out of
> 64k times, so unless the compressed blob is huge, this slowdown should not
> really be apparent.
> This version is only in the git repository:
>   git clone git:// -b bleeding-jumbo
> Also, this is not a complete re-write, but it was very substantial.  There
> may be a bug still here or there, but will be corrected when they are seen.
> Also the opencl version will need to handle the new format hash signature
> and fields, and perform the proper authentication on 'likely' passwords.
> The current opencl version is only showing the likely passwords (i.e. the 1
> out of 64k check was successful).
> From: Dennis Glatting Thursday, July 03, 2014 1:19
> On Thu, 2014-07-03 at 00:14 -0400, JimF wrote:
> > ---- Dennis Glatting <> wrote: 
> > > On Thu, 2014-07-03 at 02:19 +0200, magnum wrote:
> > > > On 2014-07-03 01:07, Dennis Glatting wrote:
> > > > > Prior to running my word list against my hash, JTR runs test 
> > > > > code using the data structure "zip_tests". Zip_tests by virtua 
> > > > > of the get_salt() function sets the global variable "passverify" 
> ......

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.