Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 23 Jul 2015 15:08:37 +0200
From: rysic <>
To: "" <>
Subject: Re: Re: Re:  Re: restore difficult zip password

You are rught!
If I use whole directory, then it is working!!! :-)
Thank you!

W dniu 2015-07-22 00:47:04 użytkownik magnum <> napisał:
> On 2015-07-22 00:25, Marek Wrzosek wrote:
> > JtR needs zip file to crack the password, either it's stored inside file
> > produced by zip2john command (if it's small enough) or as separate file
> > (the john needs zip file and the product of zip2john). They need your
> > archive (that one with 'asd' password) to check where is the problem or
> > they would need to get the exact same version of zip as is in OpenSUSE
> > 13.2. Does 'bleeding-jumbo' have problems cracking that zip file with
> > 'asd' password?
> I already realized he was using the john-1.8.0-jumbo-1 tarball, as can 
> be downloaded from Openwall. For some reason he had it named .gz despite 
> you could tell from deflate figure (of 45%) it was already gunzipped. 
> When I tried to reproduce, I also gunzipped it but used a correct 
> filename without gz extendion.
> And right now, I realized THAT is the problem! Since his file was called 
> .gz even though it wasn't gzipped, his pkzip format was fooled into 
> looking for a known plaintext (a gz file magic) that wasn't there - 
> voila, false negative.
> @JimF, I think we should ditch all use of file magic (or make non 
> default) now that we have the excellent Huffman checks.
> magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.