Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 30 Aug 2016 15:23:53 -0500
From: jfoug <>
Subject: Re: Which is the correct hash?

On 8/30/2016 1:36 PM, magnum wrote:
> According to Sebastian's mail this morning, the only usable file for 
> attacking is a fairly large one (16 MB) and we may need to CRC all of 
> it for each guess. That's why speed is hit and this is what the "file 
> magic" stuff could possibly work around.

This was exactly why I created the magic logic. Since the blob was a 
.zip file (IF the builder of the blob was not trying to confuse us by 
renaming a jgp picture into a .zip), then the file magic would only need 
to fully decode the first 4 bytes, and then ONLY check if those bytes 
ended up being PK\x3\x4   The magic was not noticeably faster for tiny 
files, but the larger the file was, the more noticeable, and as the size 
of file got huge, without magic, the cracking speed simply almost crawls 
to a stop.

But  (and this is a big but), we are fully assuming that we know what 
the file magic looks like.  That is not always correct (especially if 
the user purposely renamed something as more camouflage).

Was this a pkzip file, or a winzip AES encrypted file?  I though only 
the pkzip had the magic logic in it, and that the winzip method did not 
care how big the file blob was. @magnum: is my rememberance wrong here.


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.