Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 18 Jul 2015 21:05:38 +0200
From: magnum <>
Subject: Re: Re:  Re: restore difficult zip password

On 2015-07-18 02:56, magnum wrote:
> On 2015-07-18 01:05, rysic wrote:
>> And then I'm creating encrypted zip file (password is "asd")
>> linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # zip --encrypt
>> ../../Pobrane/john-1.8.0-jumbo-1.tar.gz
>> Enter password:
>> Verify password:
>>    adding: ../../Pobrane/john-1.8.0-jumbo-1.tar.gz (deflated 45%)
>> generating hash file:
>> linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./zip2john >
>> test6.h
>> ver 14  efh 5455  efh 7875
>>>../../Pobrane/john-1.8.0-jumbo-1.tar.gz PKZIP Encr: 2b chk,
>> TS_chk, cmplen=32762705, decmplen=59392000, crc=9FEB9743
>> And try to crack it:
>> linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john test6.h
>> Loaded 1 password hash (PKZIP [32/64])
>> Will run 4 OpenMP threads
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 0g 0:00:00:08 DONE 3/3 (2015-07-18 00:46) 0g/s 9175Kp/s 9175Kc/s
>> 9175KC/s |C%|..||||
>> Session completed
> What version of "zip" are you using? This looks like a bug in our pkzip
> format, and if it is, it's a really really bad one.
> At least one obscure bug was fixed since Jumbo-1, so you might want to
> try building latest code from GitHub.

BTW could you please post the contents of that "test6.h" file? It should 
be short enough you can just attach it. We might be able to reproduce 
and see what went wrong.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.