Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Jul 2017 16:52:25 +0200
From: Solar Designer <>
Subject: Re: gpg2john working for symmetric encryption?

On Thu, Jul 06, 2017 at 10:15:18PM +0800, noir maru wrote:
> I've been doing some further testing and specifying the cipher CAST5 with
> gpg --cipher-algo CAST5 -c -o data2.tgz.gpg causes this problem, but the
> default AES does not.

What revision of jumbo are you using?  If it's anything other than the
latest bleeding-jumbo, please upgrade.

That said, the latest doesn't appear to work for CAST5 encrypted GnuPG
files either.  It just doesn't misparse the line for me:

$ gpg -c --cipher-algo cast5 -o file.gpg < /bin/bash
$ ./gpg2john file.gpg > pw-gpg-cast5
[gpg2john] MDC is misssing, expect false positives!
(until eof)
	Next packet - other than one pass signature
$ wc pw-gpg-cast5 
    1     1 16505 pw-gpg-cast5
$ ./john -w=w pw-gpg-cast5 
Using default input encoding: UTF-8
Loaded 1 password hash (gpg, OpenPGP / GnuPG Secret Key [32/64])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:00 DONE (2017-07-06 16:45) 0g/s 9457p/s 9457c/s 9457C/s Metallic..sss
Session completed

Without "--cipher-algo cast5", the same sequence of commands does crack
the password (which is on the wordlist).

> On Thu, Jul 6, 2017 at 9:48 PM, noir maru <> wrote:
> > wc export.hash returns:       1       1   16809 export.hash

OK, this looks similar to mine.

So apparently your maybe older(?) revision of bleeding-jumbo splits that
line at loading, causing misdetection as various unrelated hash types.

> > the file only has one very long line, and it is going directly from the
> > output of gpg2john... is there another way than gpg2john export.tgz.gpg >
> > export.hash that I should be using to avoid corruption?
> >
> > when running gpg2john there are some other errors I didn't notice.
> >
> > Unknown string-to-key(s2k 166)
> >
> > unknown version (90).

I also don't receive these specific errors.  Do you receive them even if
you create a test CAST5 file now, similar to what I did?

> > This file is encrypted with CAST5 according to gpg...
> >
> > --format=gpg didn't make any difference...

Are you sure it literally "didn't make any difference"?  Perhaps the
output from JtR was substantially different, with it no longer saying it
loaded some 12 hashes?

> > I tested it on an AES gpg file and it works. It seems to be CAST5
> > specifically...
> >
> > But I'm not expert in this.

Yes, it looks like there are issues for us to fix here, and it looks
like some (but not enough for your needs) might have already been fixed
since whatever revision of jumbo you're using.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.