Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 29 Jan 2019 17:52:24 +0100
From: Jirka Vejrazka <jirka.vejrazka@...il.com>
To: Morgan Woodward <john-users@...ts.openwall.com>
Subject: Re: DMG file password cracking

The data in the resulting file.txt would be just a tiny chunk of information related to the original password and some metadata - there is no way to get any relevant information about contents of your documents etc. stored in the encrypted container.

 HTH

    Jirka

  Original Message  
‎
From: Morgan Woodward
Sent: Tuesday, 29 January 2019 17:46
To: john-users@...ts.openwall.com
Reply To: john-users@...ts.openwall.com
Subject: Re: [john-users] DMG file password cracking

Sorry that was really unclear on my part. I was asking if by converting the
file to .txt and receiving help meant that anyone in the community would
have access to the file, or would it stay on my computer to be cracked.
Data contained in the file is legally sensitive information, and I don't
want anyone to have access to the actual content. So you answered my
question!

On Tue, Jan 29, 2019 at 9:53 AM Solar Designer <solar@...nwall.com> wrote:

> On Mon, Jan 28, 2019 at 05:53:35PM -0600, Morgan Woodward wrote:
> > Does this give you access to the actual files?
>
> Who do you refer to by "you"?
>
> I did not suggest that you'd share any files with anyone. I merely
> suggested that you try and get things working in this basic way, and
> then return to this community with more information on what your
> password may or may not be, to receive further guidance.
>
> That said, you could also choose to share your "file.txt" with the
> community, which might reveal your filesystem properties but not actual
> contents of your encrypted files.
>
> If you were referring to yourself, then the way you get access to the
> actual files is through having cracked the password first. You'd use
> this password in the usual way to access the files on your Mac. JtR
> won't directly let you access the files - it will merely give you the
> password (if the attack is successful).
>
> > On Wed, Jan 9, 2019 at 3:36 PM Solar Designer <solar@...nwall.com>
> wrote:
> > > You can try one of the community-contributed builds of JtR for macOS:
> > >
> > > https://download.openwall.net/pub/projects/john/contrib/macosx/
> > >
> > > On newer hardware, use the "avx2" version. If it tells you "Sorry,
> AVX2
> > > is required for this build", then use the "sse4" version found nearby.
> > >
> > > You'll need to first use the dmg2john program on your .dmg file,
> > > redirecting this program's output to a text file, like this in a
> > > Terminal after cd'ing to the "run" directory:
> > >
> > > ./dmg2john /path/to/file.dmg > file.txt
> > >
> > > Then use JtR itself on the resulting file, like this:
> > >
> > > ./john file.txt
> > >
> > > Once you confirm you got this working, the community in here will help
> > > you focus the attack based on whatever you recall about the password.
>
> Alexander
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.