Date: Tue, 30 Jun 2020 10:13:56 +0200 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: decryption without original password On 2020-06-23 23:23, Solar Designer wrote: > On Mon, Jun 22, 2020 at 02:50:45PM +0200, Johny Krekan wrote: >> I have tryed Advanced office password breaker. It is product from >> Elcomsoft which can break 40-bit encryption >> which is used in Word/Excel versions 97/2000. It decrypts document >> without recovering the actual password. It >> recovers the key which is generated from the password. >> 1. Is doing something like this possible with John on old office documents? > > No. JtR currently only supports passwords, not binary keys. We don't attack the key directly, but we're still getting the "benefit" of the crippled 40-bit encryption in that we'll hit usable password collisions at about the same rate anyway (once in about 2**40). Also, we actually have (at least the GPU version) some quirky means for exploiting the 40-bit key once we know it, but I never found it very interesting since the format is so weak anyway: The format can read a "hash" with an attached known 40-bit key, formatted as hashcat does it (Atom calls it MITM key): $oldoffice$0*55045061647456688860411218030058*e7e24d163fbd743992d4b8892bf3f2f7*493410dbc832557d3fe1870ace8397e2:91b2e062b9 The trailing 91b2e062b9 is the 40-bit key. If given, the format will use it for speedup, but we're not getting hashcat speeds (I think). Until we know they key, I see ~438 Mp/s on a 2080ti using mask mode. Once we hit the key, finding more usable passwords (given you used the --keep-guessing option) runs about 3x faster at ~1.3 Gp/s. We never store the RC4 key in the potfile though, it just ends up in the log file. If you want to use it for future sessions, find it (grep log for MITM) and attach it to the original non-hash. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.