|
Message-ID: <20110703011302.GA5094@openwall.com> Date: Sun, 3 Jul 2011 05:13:02 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: John the Ripper 1.7.8-jumbo-2 Hi, Yes, a -jumbo based on JtR 1.7.8 is finally out: http://www.openwall.com/john/ http://www.openwall.com/john/#contrib Besides the rebase to 1.7.8, the changes include: As part of Dhiru Kholia's GSoC 2011 project, support for cracking of password-protected WinZip archives with AES encryption has been added. As currently implemented, false positives may occur (in other words, non-working passwords may be found), typically if the actual password is complicated. Hopefully, this shortcoming will be addressed at a later time. Meanwhile, to try the feature out, run the zip2john program (which is part of 1.7.8-jumbo-2) on one or more ZIP archives, redirecting the output to a file. Then run john on this file. Sample password-protected ZIP archives for testing may be obtained at: http://openwall.info/wiki/john/sample-non-hashes This page also hosts sample passphrase/password-protected SSH keys, PDF files, and RAR archives. These were already supported in 1.7.7-jumbo-6, and indeed they still are. The usage instructions are similar - there are ssh2john, pdf2john, and rar2john programs included. To give credit where it's due, in his work on WinZip archives Dhiru Kholia has reused some code and documentation by Dr Brian Gladman: http://www.gladman.me.uk/cryptography_technology/fileencrypt/ The support for SSH keys was inspired by the ssh-privkey-crack program: http://neophob.com/2007/10/ssh-private-key-cracker/ (although Dhiru's code in JtR is different). The PDF support in JtR builds upon the PDFCrack program by Henning Noren: http://pdfcrack.sourceforge.net The RAR support in JtR uses a little bit of code from the public domain unrar utility written by Alexander Roshal, and it is made possible due to Marc Bevand's documentation of the RAR encryption scheme, originally for Marc's unrarhp: http://www.zorinaq.com/unrarhp/ (I should have included this credit in my announcement of 1.7.7-jumbo-6, but I forgot. Better late than never.) The rest of the changes in 1.7.8-jumbo-2 are by JimF and magnum: Compile-time detection of OpenSSL 0.9.8+ has been added, automatically enabling support for Sybase ASE and hmailserver hashes. The performance at MSCash2 (Domain Cached Credentials of modern Windows systems) has been improved. Minor other performance and portability improvements have been made. Enjoy, and provide your feedback. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.