Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <00a101cf99e8$e11bed80$a353c880$@net>
Date: Mon, 7 Jul 2014 08:39:29 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: Possible bug in zip_fmt_plug.c, bleeding edge

There is a new updated zip-aes format.  Currently, it is only implemented on
the CPU side.   I had to make changes to the format string, so the legacy
$zip$ format has been retired. It likely (due to seeing the recent bugs), to
have never worked right.  The new format had to add several things needed,
but now, the detection is deterministic.  In other words, no more
FMT_NOT_EXACT logic in this format.   However, you will need to re-run
zip2john against your encrypted .zip files again, to use with this new
format.  The hash needs to read data from the .zip file to work properly.
There should be almost no noticeable slowdown from the prior code, UNLESS
you have a .zip file that has ONLY very large compressed data in it.  The
exact deterministic method requires computing a HMAC-SHA1 over the
compressed/encrypted data blob.  That is a pretty fast operation, BUT if the
data size is large, then it can really slow down times where the 2 byte
checksum says that this value 'might' be a hit.  That happens, btw, 1 out of
64k times, so unless the compressed blob is huge, this slowdown should not
really be apparent.

This version is only in the git repository:
  git clone git://github.com/magnumripper/JohnTheRipper -b bleeding-jumbo

Also, this is not a complete re-write, but it was very substantial.  There
may be a bug still here or there, but will be corrected when they are seen.
Also the opencl version will need to handle the new format hash signature
and fields, and perform the proper authentication on 'likely' passwords.
The current opencl version is only showing the likely passwords (i.e. the 1
out of 64k check was successful).

From: Dennis Glatting Thursday, July 03, 2014 1:19
On Thu, 2014-07-03 at 00:14 -0400, JimF wrote:
> ---- Dennis Glatting <jtr@...2.com> wrote: 
> > On Thu, 2014-07-03 at 02:19 +0200, magnum wrote:
> > > On 2014-07-03 01:07, Dennis Glatting wrote:
> > > > Prior to running my word list against my hash, JTR runs test 
> > > > code using the data structure "zip_tests". Zip_tests by virtua 
> > > > of the get_salt() function sets the global variable "passverify" 
......

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.