Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 08 Oct 2014 21:03:09 +0000
From: augustin <>
Subject: Re: attacking RC2 40-bit S/MIME encrypted emails

> It now hits me this is out of scope for JtR itself. What JtR does is 
> always based on trying human-like passwords. But this "format" would be 
> a key brute-forcer with no input. For the same reason, we haven't 
> implemented an RC4/40 brute-forcer for old Office documents.
> However, even if Solar doesn't want these "in" Jumbo, I'm willing to 
> include them either "with" Jumbo (as stand-alone programs in the Jumbo 
> source tree), or simply as a separate repo if Solar persists. As Atom 
> recently wrote on Hashcat forum, you can sometimes marry RC4-BF with 
> actual password search:

Since the available windows tool does not seem to work for me (it is
running since quite some time and after reaching cycle nr. 28 it starts
over again) - I was wondering whether you would be willing to publish
your proof-of-concept code?

btw: I did not get any answer from my emails to the authors of brutex10
- I could try to contact them via Bruce - he was quite responsive to
email requests in the past.. but I would already be satisfied after seen
that a CPU can indeed find the key in a ~week.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.