Date: Thu, 6 Jul 2017 16:52:25 +0200 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: gpg2john working for symmetric encryption? On Thu, Jul 06, 2017 at 10:15:18PM +0800, noir maru wrote: > I've been doing some further testing and specifying the cipher CAST5 with > gpg --cipher-algo CAST5 -c -o data2.tgz.gpg causes this problem, but the > default AES does not. What revision of jumbo are you using? If it's anything other than the latest bleeding-jumbo, please upgrade. That said, the latest doesn't appear to work for CAST5 encrypted GnuPG files either. It just doesn't misparse the line for me: $ gpg -c --cipher-algo cast5 -o file.gpg < /bin/bash [...] $ ./gpg2john file.gpg > pw-gpg-cast5 [gpg2john] MDC is misssing, expect false positives! (until eof) Next packet - other than one pass signature $ wc pw-gpg-cast5 1 1 16505 pw-gpg-cast5 $ ./john -w=w pw-gpg-cast5 Using default input encoding: UTF-8 Loaded 1 password hash (gpg, OpenPGP / GnuPG Secret Key [32/64]) Will run 4 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:00 DONE (2017-07-06 16:45) 0g/s 9457p/s 9457c/s 9457C/s Metallic..sss Session completed Without "--cipher-algo cast5", the same sequence of commands does crack the password (which is on the wordlist). > On Thu, Jul 6, 2017 at 9:48 PM, noir maru <noirmaru@...il.com> wrote: > > wc export.hash returns: 1 1 16809 export.hash OK, this looks similar to mine. So apparently your maybe older(?) revision of bleeding-jumbo splits that line at loading, causing misdetection as various unrelated hash types. > > the file only has one very long line, and it is going directly from the > > output of gpg2john... is there another way than gpg2john export.tgz.gpg > > > export.hash that I should be using to avoid corruption? > > > > when running gpg2john there are some other errors I didn't notice. > > > > Unknown string-to-key(s2k 166) > > > > unknown version (90). I also don't receive these specific errors. Do you receive them even if you create a test CAST5 file now, similar to what I did? > > This file is encrypted with CAST5 according to gpg... > > > > --format=gpg didn't make any difference... Are you sure it literally "didn't make any difference"? Perhaps the output from JtR was substantially different, with it no longer saying it loaded some 12 hashes? > > I tested it on an AES gpg file and it works. It seems to be CAST5 > > specifically... > > > > But I'm not expert in this. Yes, it looks like there are issues for us to fix here, and it looks like some (but not enough for your needs) might have already been fixed since whatever revision of jumbo you're using. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.