|
Message-ID: <50CE5499.6000402@krajenski.de> Date: Mon, 17 Dec 2012 00:09:13 +0100 From: john@...jenski.de To: john-users@...ts.openwall.com Subject: Re: gpg2john -> false positive -> how to exclude? Hi magnum, thanks for your fast and detailed answer, that helps in understanding how it works. Supplying the key would be no real problem since - as you guessed correctly - this key is in no productive use anymore. Here some facts about my setup: 'make linux-x86-64-native', enabled the two "gcc with openMP" lines in the Makefile. the converted gpg2john hash is: secring.gpg:$gpg$*17*24*1024*2fd8c6834db06ddfe073fd944b6bd8dbd268163e6374ef6f*3*255*2*3*8*bf07a2f4faafa916*65536*6c7784ea65895667 the one false positive i got is in clear-text: bortaloo (which is not my phrase | and thus does not work for unlocking) output of gpg --list-secret-keys is: --------------------------- sec 1024D/615B53E0 2001-01-29 uid Donny ssb 1024g/8646A815 2001-01-29 john-version used: unstable-jumbo (from .git as zip-download via http) If you need the real secring.pgp and a ciphertext file, private email would be great :) Greets, Seb On 16.12.2012 23:15, magnum wrote: > On 16 Dec, 2012, at 21:04 , john@...jenski.de wrote: >> is it possible to let john go on with brute-forcing in incremental mode, after >> an obvious false positive is found? > Some formats are expected to have collisions, like CRC32 for instance. You can make any format behave like such by adding FMT_NOT_EXACT to the format flags in the end (normally) of the source file. In this case, this line: > > FMT_CASE | FMT_8_BIT | FMT_OMP, > > of gpg_fmt_plug.c (or opencl_gpg_fmt.c) would be > > FMT_CASE | FMT_8_BIT | FMT_OMP | FMT_NOT_EXACT, > > However, see below. > >> I recently did 'gpg2john' and finally ended up with incremental mode and got an false positive. >> I forgot my gpg-passphrase (from>10 years ago), and I know it's not the found word, besides: >> it simply does not work :) > As far as I understand from the source, it should really not emit false positives. Maybe there is a bug in the format. At worst that means once Dhiru fixes it you'd have to re-start from scratch. > > We might need more information. Were you running the CPU format or the OpenCL one? And are you using Jumbo-7 or the unstable-jumbo from git? Would you by any chance reveal the gpg key or input file (perhaps privately, to Dhiru) so we can reproduce the bug? I take it you do not use that passphrase anymore anyway :) Failing that, I guess we'd be helped by knowing what exact time key it is. > > magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.