Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 Oct 2015 10:33:57 +0200
From: magnum <>
Subject: Re: false positive for dmg?

On 2015-10-20 04:47, noir maru wrote:
> using the latest bleeding jumbo on mavericks, i have a dmg that i have been
> bruteforcing in incremental mode with . i was surprised to see a result so
> soon.
> the command i am using is
> john password.hash -inc:LowerNum
> however, when i try to open the dmg, it does not accept the password. i
> have tested this build of john with many other encrypted dmg and it always
> gave the right password. but could this be a false positive?

Thanks for reporting. Some iterations ago, our DMG format would emit 
lots of false positives (as well as the correct one) and since we knew 
that, we made it keep trying after it found a password candidate - 
looking for more. Latest version was improved enough that we removed the 
"look for more" but it seems you found a false positive. You can force 
the "look for more" by running with --keep-guessing option.

In order for me to possibly improve some algo, I'd need that file: Just 
the small file produced with dmg2john, if you dare sharing it. It 
shouldn't contain any file data (not even file names), just some amount 
of filesystem metadata. Perhaps you could send it to me off-list?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.