Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 04 Dec 2014 19:56:50 +0100
From: magnum <>
Subject: Re: Cracking multiple AES Zip files

On 2014-12-04 17:08, Matt Weir wrote:
> AES encrypted zip files have a high number of false positives in them. From
> the Winzip spec:
> Password verification value
> This two-byte value is produced as part of the process that derives the
> encryption and decryption keys from the password. When encrypting, a
> verification value is derived from the encryption password and stored with
> the encrypted file. Before decrypting, a verification value can be derived
> from the decryption password and compared to the value stored with the
> file, serving as a quick check that will detect *most*, but not all,
> incorrect passwords. There is a 1 in 65,536 chance that an incorrect
> password will yield a matching verification value; therefore, a matching
> verification value cannot be absolutely relied on to indicate a correct
> password.
> It also appears that the AES Zip verification value includes a salt. So my
> question is, if I have multiple AES encrypted zip files that all use the
> same password, would it be possible to have JtR see if a password matches
> them all to reduce false positives?

I'm not 100% sure we're talking about the same things here but Jim has 
fixed the zip "WinZIP" format in bleeding-jumbo (five months ago) so it 
no longer has false positives. I do not know the details other than it 
did not appear to involve actual unzipping.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.