Message-ID: <4cc19ca20909080752te38cfcdreda9b744e296eaf0@mail.gmail.com>
Date: Tue, 8 Sep 2009 11:52:39 -0300
From: Nahuel Grisolía <nahuel.grisolia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: John and RARs or ZIPs

Oh! Nice answer! Thanks a lot! Very educational for the list!

Nahuel.

2009/9/8 RB <aoz.syn@...il.com>

> On Tue, Sep 8, 2009 at 08:06, Nahuel Grisolía <nahuel.grisolia@...il.com> wrote:
> > Hey guys, I just want to know if any of you has ever coded something to
> > use John to crack the encryption used in RARs (AES128) or ZIPs (??).
>
> This is a class of query that comes up here quite often - "can JtR be
> used to crack X?" The answer depends largely on the implementation,
> but is generally "no": JtR doesn't directly support specific file
> formats, it handles password hashes.
>
> In clarification (and simplified terms), you need to understand the
> difference between hashing and encryption. Hashing is a one-way
> process by which a statistically unique small value is computationally
> derived from a [typically] larger data set. The "one-way" part is
> critical: you cannot derive the original data from a hash, only repeat
> the process and confirm you have a precise copy. Encryption is a
> bidirectional process by which data may be converted to and from an
> opaque form by use of a secret key. In well-designed systems,
> passwords are stored in hashed form - you cannot derive the original
> data directly from the hash, but you may hash the data you have and
> compare the two. What JtR does is create a list of potential
> passwords, hash them, and then compare them against a specified hash
> until it finds a match (or reaches the heat death of the universe),
> hence:
>
> John the Ripper does perform any decryption.
>
> I split that out because it's incredibly important to understanding
> the role of password "crackers". Password crackers generally do not
> do any decryption, they only bumble along (some more intelligently and
> quickly than others) trying to make up something that matches the
> known hash.
>
> If a particular file format were to be so generous as to include a
> hash of the password, it would be possible to extract that hash and,
> if necessary, create a JtR handler for the hash form. However, most
> encrypted formats aren't so poorly designed and will happily decrypt
> with whatever key they're given, forcing the attacker to evaluate
> whether the decrypted results are valid. That evaluation is beyond
> the scope of an application such as JtR.
>
> > How can we know if the RAR or ZIP is really decrypted?
>
> The formats probably have internal checksums or well-known values that
> are checked post-decryption to allow validation of the key.
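
The distinction drawn in the quoted reply, as an added example that is not part of the original thread and not JtR code: comparing candidates against a stored hash versus decrypting a container and validating the result with an internal checksum. The toy XOR cipher, the unsalted SHA-256 stand-in, the CRC32 trailer and all sample values are assumptions constructed for illustration; they are not the RAR or ZIP formats.

```python
import hashlib
import zlib


def keystream(password, n):
    """Toy keystream: SHA-256 in counter mode keyed by the password."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(password + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(password, plaintext):
    """Append a CRC32 of the plaintext, then XOR everything with the keystream."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "big")
    return bytes(a ^ b for a, b in zip(body, keystream(password, len(body))))


def decrypt(password, blob):
    """Any key 'decrypts'; only the internal checksum says if the output is valid."""
    body = bytes(a ^ b for a, b in zip(blob, keystream(password, len(blob))))
    data, crc = body[:-4], body[-4:]
    return data, zlib.crc32(data).to_bytes(4, "big") == crc


def match_hash(stored_hex, candidates):
    """Hash case: hash each candidate and compare. Nothing is decrypted."""
    for cand in candidates:
        if hashlib.sha256(cand).hexdigest() == stored_hex:
            return cand
    return None


def match_container(blob, candidates):
    """Encryption case: decrypt with each candidate, then validate post-decryption."""
    for cand in candidates:
        data, valid = decrypt(cand, blob)
        if valid:
            return cand, data
    return None


# Constructed sample data
CANDIDATES = [b"letmein", b"hunter2", b"correct horse"]
STORED_HASH = hashlib.sha256(b"hunter2").hexdigest()
PLAINTEXT = b"constructed sample file contents"
BLOB = encrypt(b"correct horse", PLAINTEXT)
```

A wrong key still returns bytes of the right length from `decrypt`; only the checksum comparison rejects it, which is the evaluation step the reply says falls outside a hash comparer.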