Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Mar 2023 21:03:36 +0000
From: Nate Widmyer <touring_fan@....com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Looking for input

Hello,

I'm trying to recover a password to three 7-zip archives that I made, which I created all in the same way, using 7zip with SHA-256 encryption.
I got JTR running to the point where JTR starts and begins processing, but it's going to take forever to try everything, but since I encrypted it, I know what the parameters that were used to generate the passwords to narrow down the search size.

* password was definitely between 20 - 30 characters. I know standard JTR builds use 24 chars as compiled limit, so this means a custom build, which I may be able to manage after creating a development environment, which takes time. I'd probably like to split the password input into 4 runs (in decreasing order of probability of use): 22-25 chars, 20 and 21 chars, 26 chars, 27-30 chars.
* password was generated via KeePassXC password generation, with A-Z, a-z, 0-9 and specials character classes, but no extended ASCII. I believe JTR only deals in ASCII anyway. That means no dictionary attacks needed, just lots of random chars.

I figure I need:
1. a build of JTR that can support 30 chars. I know getting it to run on a GPU is preferable.
2. maybe do it in AWS and get it off of my machine. I saw announcements about JTR AMI, but that build may be limited to 24 chars.
3. some way to provide possible passwords (on the fly?) for JTR, starting from this source:
https://github.com/keepassxreboot/keepassxc/blob/2.7.1/src/core/PasswordGenerator.h
https://github.com/keepassxreboot/keepassxc/blob/2.7.1/src/core/PasswordGenerator.cpp

but probably needs to express the # of total possibilities, etc...


What else am I missing that's going to turn this into more of an impossible task?

I tried to look for other people trying to do the same sort of thing, but nothing seemed obvious and I'm pretty new to this.

Thanks,
Nate

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.