Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20141204215918.1V07J.781518.imail@eastrmwml107>
Date: Thu, 4 Dec 2014 21:59:18 -0500
From:  <jfoug@....net>
To: john-users@...ts.openwall.com
Subject: Re: Cracking multiple AES Zip files

If you use the new bleeding JtR, there is NO false positive any more.  I have redone this 'broken' format.  I dug in to understand the gladman code, and there is a verifyer, not just the crappy 2 byte checksum.

The change is shown here:  https://github.com/magnumripper/JohnTheRipper/commit/528e6bcfb1a59f068b70c63b3c0d7ffc62c32ce4

So now there is a 10 byte checksum, so only 1 out of 2^80 chance of a false positive.  In JtR land, we count that as exact.  Hell, it is 16 bits better than DES ;)

---- Matt Weir <cweir@...edu> wrote: 
> AES encrypted zip files have a high number of false positives in them. From
> the Winzip spec:
> 
> Password verification value
.... clip.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.