Date: Tue, 17 Mar 2020 09:25:36 +0200 From: Jonathan A <pc.crumbs@...il.com> To: john-users@...ts.openwall.com Subject: Some 7Zip hashes can't be cracked? Hello all, I have a sample of an encrypted 7Zip file (I know the password). When I use 7z2john.pl on it, I get *a long hash (492 kb)*. Then when I try using john with the known password (i.e. through stdin or wordlist) - it finishes unsuccessfully. However, if I create an encrypted 7Zip sample myself - *the hash is small (112 bytes)* - and it works fine. The only difference I could see myself between the two is that 7Zip says the first file is encrypted with *LZMA2:768k BCJ 7zAES*. While my sample is encrypted with *LZMA2:12 7zAES*. (I can share the first sample, but it has malware in it (I'm a malware researcher), so it can't go in this email). Am I doing something wrong? OR are there simply some methods / hashes that john doesn't handle. Regards, Jonathan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.