Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 3 Jun 2021 14:47:08 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: How does cracking pkzip2 files work?

On 2021-06-03 10:28, Matthias Braun wrote:
> After reading the description of zip2john's output in the source file (https://github.com/openwall/john/blob/bleeding-jumbo/src/zip2john.c), this is my current assumption: Since the archive doesn't contain the hash of the password used for encrypting, per default, JtR tries a wordlist to decrypt the data stored at the DA position in zip2john's output, runs CRC32 on the result and compares that checksum with the checksum stored at the CR position.
> 
> But in the case of cracking the password for a large file, I'd expect decryption to take quite a while, making each password guess costly.

You are basically correct.

> How does JtR crack pkzip2 archives?

First of all, zip2john simply picks the smallest file from the archive 
in order to minimize the work.  Sometimes there is no small file though.

Second trick: pkzip archives also include another, smaller, checksum 
(just 1 or 2 bytes) of a tiny part of the packed data of each file.  If 
that doesn't match, we can early reject.  But if it does match (and 
unfortunately a single byte checksum will *randomly* match in about 1 of 
256 cases) we do have to checksum the whole (potentially large) file.

So third trick in our bag is we collect several such smaller checksums 
(for up to 8 files), and require all of them to match before going on 
and calculate a whole-file CRC.  If the number of files is smaller, we 
may end up with less than 8 of course.  On a side note, theoretically 
the files in one archive may use different passwords and that 
invalidates this trick (in fact we'll probably get false negatives). 
That is fairly uncommon so by default we assume all have the same password.

So best case for us is an archive with 8 or more files, and at least one 
small file.  Worst case is an archive with only one, huge, file.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.