Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 4 Sep 2021 17:27:20 +0200
From: magnum <>
Subject: Re: brute forcing AES key

On 2021-09-04 17:19, magnum wrote:
> On 2021-09-03 17:41, wrote:
>> I have a string, result of encryption by an App.
>> The code for encryption of this App is visible here: 
>> <>
>> It looks to me that the dev of this App is missing something 
>> important: he did not use a derivation fonction to create a secret 
>> key, he uses the user provided password directly as an encryption key.
>> So I guess it would be feasible to use a password cracker software 
>> like JtR to brute force the password / key and decrypt the string I have.
>> Is that possible with JtR, if at all?
> A format for attacking this should be, potentially, very fast.  I didn't 
> look a lot into that link you gave but the tricky bit is likely to know 
> when we made a correct guess.  It goes like this: Try a candidate, 
> decrypt some ciphertext, verify against some known plaintext (or 
> plaintext-ish).  If it's correct, we guessed the correct password.
> So, if we can identify some plaintext (such as a file magic) or 
> plaintext-ish (such as json or xml and/or 100% UTF-8 or ASCII) we can 
> hopefully write a format for this.

Oh and another possibility which is used in many formats is *if* that 
software use a padding scheme for the very last block that we can use 
either solely (if it turns out a correct hit *always* have at least, 
say, 6 bytes of padding) or at least as an early reject.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.