Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 Oct 2015 07:17:58 +0430
From: noir maru <>
Subject: false positive for dmg?


using the latest bleeding jumbo on mavericks, i have a dmg that i have been
bruteforcing in incremental mode with . i was surprised to see a result so
the command i am using is
john password.hash -inc:LowerNum

however, when i try to open the dmg, it does not accept the password. i
have tested this build of john with many other encrypted dmg and it always
gave the right password. but could this be a false positive?

the dmg was made in 2004. i have tried dmg2john and with the
same result.

on a 32-bit windows 7 machine, with pre-compiled binary, i get a different
response and password does not match. see below:

any help would be appreciated. thanks!

OS X Mavericks - Latest jumbo bleeding
./john password.hash -inc:LowerNum
Warning: detected hash type "dmg", but the string is also recognized as
Use the "--format=dmg-opencl" option to force loading these as that type
Using default input encoding: UTF-8
Loaded 1 password hash (dmg, Apple DMG [PBKDF2-SHA1 128/128 SSSE3 4x
Will run 4 OpenMP threads
Node numbers 1-3 of 4
Press 'q' or Ctrl-C to abort, almost any other key for status
########        (password.dmg)
1g 0:11:19:57 DONE (2015-10-20 10:26) 0.000024g/s 10453p/s 10453c/s
10453C/s lefyfich..lefy0408
Use the "--show" option to display all of the cracked passwords reliably
Session completed

Windows 7, 32-bit, john-the-ripper-v1 8 0

c:\john\run>john password.hash -inc:LowerNum
Loaded 1 password hash (dmg, Apple DMG [PBKDF2-SHA1 3DES/AES 32/32])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:02:56  3/3 0g/s 2512p/s 2512c/s 2512C/s ammaso..ammyry

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.