Date: Wed, 22 Jul 2015 00:47:04 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Re:  Re: restore difficult zip password

On 2015-07-22 00:25, Marek Wrzosek wrote:
> JtR needs zip file to crack the password, either it's stored inside file
> produced by zip2john command (if it's small enough) or as separate file
> (the john needs zip file and the product of zip2john). They need your
> archive (that one with 'asd' password) to check where is the problem or
> they would need to get the exact same version of zip as is in OpenSUSE
> 13.2. Does 'bleeding-jumbo' have problems cracking that zip file with
> 'asd' password?

I already realized he was using the john-1.8.0-jumbo-1 tarball, as can 
be downloaded from Openwall. For some reason he had it named .gz even 
though you could tell from the deflate figure (of 45%) that it was already 
gunzipped. When I tried to reproduce, I also gunzipped it but used a 
correct filename without the gz extension.

And right now, I realized THAT is the problem! Since his file was called 
.gz even though it wasn't gzipped, his pkzip format was fooled into 
looking for a known plaintext (a gz file magic) that wasn't there - 
voila, false negative.

@JimF, I think we should ditch all use of file magic (or make non 
default) now that we have the excellent Huffman checks.

magnum
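
The false negative described in this message, as an added example that is not part of the original post and is not JtR's code. It assumes zlib's raw inflate as a stand-in for the Huffman checks mentioned above; the function names and sample data are hypothetical and constructed.

```python
import gzip
import zlib

# Magic expected at the start of the plaintext, keyed by file extension.
MAGIC_BY_EXT = {".gz": b"\x1f\x8b"}

def inflate_prefix(stream, want=64):
    """Inflate the start of a raw deflate stream; None if it is not valid deflate."""
    try:
        return zlib.decompressobj(-15).decompress(stream, want)
    except zlib.error:
        return None

def magic_check(name, stream):
    """Accept a candidate only if the plaintext starts with the magic its name implies."""
    plain = inflate_prefix(stream)
    if plain is None:
        return False
    for ext, magic in MAGIC_BY_EXT.items():
        if name.lower().endswith(ext):
            return plain.startswith(magic)
    return True  # no magic known for this extension, nothing more to compare

def structural_check(stream):
    """Accept a candidate if the stream parses as deflate, whatever the file is called."""
    return inflate_prefix(stream) is not None

def raw_deflate(data):
    """Compress the way a zip member is stored: raw deflate, no zlib/gzip header."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

# Constructed sample data: tar-like bytes that are NOT gzipped.
TAR_BYTES = b"john-1.8.0-jumbo-1/README\x00" * 200
RAW_TAR = raw_deflate(TAR_BYTES)                # what the correct password yields
RAW_GZ = raw_deflate(gzip.compress(TAR_BYTES))  # a member that really is gzip data
GARBAGE = b"\xff" * 16                          # wrong password: invalid block type

if __name__ == "__main__":
    for label, name, stream in [
        ("misnamed .gz, correct password", "john-1.8.0-jumbo-1.tar.gz", RAW_TAR),
        ("correct name, correct password", "john-1.8.0-jumbo-1.tar", RAW_TAR),
        ("real .gz, correct password", "john-1.8.0-jumbo-1.tar.gz", RAW_GZ),
        ("wrong password", "john-1.8.0-jumbo-1.tar.gz", GARBAGE),
    ]:
        print(label, "magic:", magic_check(name, stream),
              "structural:", structural_check(stream))
```

The first case is the one from the thread: the correct password is rejected by the magic check only because of the file name, while the structural check accepts it.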
