Date: Thu, 23 Jul 2015 15:08:37 +0200 From: rysic <rysic@...pl> To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com> Subject: Re: Re: Re: Re: restore difficult zip password You are rught! If I use whole directory, then it is working!!! :-) Thank you! W dniu 2015-07-22 00:47:04 użytkownik magnum <john.magnum@...hmail.com> napisał: > On 2015-07-22 00:25, Marek Wrzosek wrote: > > JtR needs zip file to crack the password, either it's stored inside file > > produced by zip2john command (if it's small enough) or as separate file > > (the john needs zip file and the product of zip2john). They need your > > archive (that one with 'asd' password) to check where is the problem or > > they would need to get the exact same version of zip as is in OpenSUSE > > 13.2. Does 'bleeding-jumbo' have problems cracking that zip file with > > 'asd' password? > > I already realized he was using the john-1.8.0-jumbo-1 tarball, as can > be downloaded from Openwall. For some reason he had it named .gz despite > you could tell from deflate figure (of 45%) it was already gunzipped. > When I tried to reproduce, I also gunzipped it but used a correct > filename without gz extendion. > > And right now, I realized THAT is the problem! Since his file was called > .gz even though it wasn't gzipped, his pkzip format was fooled into > looking for a known plaintext (a gz file magic) that wasn't there - > voila, false negative. > > @JimF, I think we should ditch all use of file magic (or make non > default) now that we have the excellent Huffman checks. > > magnum > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.