Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Aug 2015 13:18:36 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: a question about encrypted 7z hashes

On 2015-08-11 00:02, Matthew Smith wrote:
> Currently the 7z2john.py does not support 7z archives with unencrypted file
> names.  However, hashcat has a utility that will do this.  I was wondering
> about the compatibility between the two hashes.
>
> Could you use a hash generated by the hashcat extractor utility with John
> the Ripper?  There seem to be some differences between the two hashes.

I'm pretty sure the hashcat tool is more complete than ours, and that 
goes for the format too. So I think this is the current situation:

- for solid archives, 7z2john or 7z2hashcat will produce the same 
output, and JtR or oclHashcat can be used to crack it.

- for non-solid archives, only 7z2hashcat will produce a "hash" and JtR 
lacks some code to handle this output.

So what we should do is first, make our format handle the 7z2hashcat 
output for non-solid archives, and second, enhance 7z2john (or adopt 
7z2hashcat code, iirc the license would allow it).

> I guess I don't understand hashes.  Shouldn't they be the same as the
> password is the same?  Why are they different?  Could I use the output from
> the 7z2hashcat.pl hash as input to JTR as I can't get the hash with any
> available JTR tools?

The reason for confusion is 7z is not really a hash. We call it non-hash.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.