Date: Tue, 20 Oct 2015 10:33:57 +0200 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: false positive for dmg? On 2015-10-20 04:47, noir maru wrote: > using the latest bleeding jumbo on mavericks, i have a dmg that i have been > bruteforcing in incremental mode with . i was surprised to see a result so > soon. > the command i am using is > john password.hash -inc:LowerNum > > however, when i try to open the dmg, it does not accept the password. i > have tested this build of john with many other encrypted dmg and it always > gave the right password. but could this be a false positive? Thanks for reporting. Some iterations ago, our DMG format would emit lots of false positives (as well as the correct one) and since we knew that, we made it keep trying after it found a password candidate - looking for more. Latest version was improved enough that we removed the "look for more" but it seems you found a false positive. You can force the "look for more" by running with --keep-guessing option. In order for me to possibly improve some algo, I'd need that file: Just the small file produced with dmg2john, if you dare sharing it. It shouldn't contain any file data (not even file names), just some amount of filesystem metadata. Perhaps you could send it to me off-list? magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.