Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <8fa0a627089c85ea56cfb36ff9eefb19@smtp.hushmail.com>
Date: Wed, 22 Jul 2015 00:47:04 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Re:  Re: restore difficult zip password

On 2015-07-22 00:25, Marek Wrzosek wrote:
> JtR needs zip file to crack the password, either it's stored inside file
> produced by zip2john command (if it's small enough) or as separate file
> (the john needs zip file and the product of zip2john). They need your
> archive (that one with 'asd' password) to check where is the problem or
> they would need to get the exact same version of zip as is in OpenSUSE
> 13.2. Does 'bleeding-jumbo' have problems cracking that zip file with
> 'asd' password?

I already realized he was using the john-1.8.0-jumbo-1 tarball, as can 
be downloaded from Openwall. For some reason he had it named .gz despite 
you could tell from deflate figure (of 45%) it was already gunzipped. 
When I tried to reproduce, I also gunzipped it but used a correct 
filename without gz extendion.

And right now, I realized THAT is the problem! Since his file was called 
.gz even though it wasn't gzipped, his pkzip format was fooled into 
looking for a known plaintext (a gz file magic) that wasn't there - 
voila, false negative.

@JimF, I think we should ditch all use of file magic (or make non 
default) now that we have the excellent Huffman checks.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.