Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Dec 2014 11:08:20 -0500
From: Matt Weir <cweir@...edu>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Cracking multiple AES Zip files

AES encrypted zip files have a high number of false positives in them. From
the Winzip spec:

Password verification value

This two-byte value is produced as part of the process that derives the
encryption and decryption keys from the password. When encrypting, a
verification value is derived from the encryption password and stored with
the encrypted file. Before decrypting, a verification value can be derived
from the decryption password and compared to the value stored with the
file, serving as a quick check that will detect *most*, but not all,
incorrect passwords. There is a 1 in 65,536 chance that an incorrect
password will yield a matching verification value; therefore, a matching
verification value cannot be absolutely relied on to indicate a correct
password.

It also appears that the AES Zip verification value includes a salt. So my
question is, if I have multiple AES encrypted zip files that all use the
same password, would it be possible to have JtR see if a password matches
them all to reduce false positives?

Matt

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.