Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <32924.108.4.182.89.1344302716.squirrel@webmail.tuffmail.net>
Date: Mon, 6 Aug 2012 21:25:16 -0400 (EDT)
From: "Brad Tilley" <brad@...ystems.com>
To: john-users@...ts.openwall.com
Subject: Re: Aleksey's writeup for Crack Me If You Can 2012

<snip>

Hey Aleksey, very nice write-up. Thanks for posting it.

> I wrote gpg wrapper too but it did not handle false positives. I did
> not finished gpg wrapper but we solved enough challenges.

I ran into the symmetric PGP file false-positives as well and found that
if you check the return code and that the output file is not zero byte,
then you won't have false-positives. Not ideal, but it works. Here's an
example:

#!/bin/bash

# A script to brute-force symmetric PGP/GPG files
# Gets about 285 words per second on my laptop
# usage: gpg.sh file.gpg

file=$1
out=gpg.txt

for word in $(wm --low --words /home/rbt/words/common.txt); do

  echo "${word}" && echo -n "${word}" | gpg -d --passphrase-fd=0 --no-tty
$file > $out;

  # if gpg returns 0 and if the output is more than 0 bytes, then stop
  if [ $? -eq 0 ]; then
    if [ -s $out ]; then
      echo "GOT IT: ${word}";
      exit 0;
    fi
  fi

done;

exit 1;

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.