Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <2086525259.3862403.1472588493338@mail.yahoo.com>
Date: Tue, 30 Aug 2016 20:21:33 +0000 (UTC)
From: Sebastian Heyn <sebastian.heyn@...oo.de>
To:  <john-users@...ts.openwall.com>
Subject: Re: Which is the correct hash?

Thanks! Wow this is quite a speed enchancement

However I gave up the idea of using many orange pi one's - the core i7 is much faster ;-) 
So I keep the fingers crossed that it will find the pass in a reasonable amount of time ;-)

Thanks

--------------------------------------------
magnum <john.magnum@...hmail.com> schrieb am Di, 30.8.2016:

 Betreff: Re: [john-users] Which is the correct hash?
 An: john-users@...ts.openwall.com
 Datum: Dienstag, 30. August, 2016 20:40 Uhr
 
 On 2016-08-30 09:59,
 Sebastian Heyn wrote:
 > The file has a
 weird structure.
 >
 >
 backup.zip <- password encrypted
 > ver
 1.0 Pic.zip->Neu Textdatei.txt PKZIP Encr: cmplen=12,
 decmplen=0, crc=0
 > ver 1.0
 Pic.zip->bilder.zip PKZIP Encr: cmplen=16969698,
 decmplen=16969686, crc=7F501B9D  <- the file itself is
 also password encrypted
 
 We
 can't know that. The fact it has a CRC doesn't mean
 it's encrypted.
 
 >
 and zip2john doesn't seem to know the -m option. Do I
 need to enable anything when configuring it?
 >
 >  ./zip2john -m
 ../../Backup.zip >backup.hash
 >
 ./zip2john: invalid option -- 'm'
 
 Ouch. I see now we have a tiny
 little (literally, one bit!) bug there. 
 Will commit a fix within minutes.
 
 magnum
 
 
 
 
 >
 --------------------------------------------
 > magnum <john.magnum@...hmail.com>
 schrieb am Mo, 29.8.2016:
 >
 >  Betreff: Re: [john-users] Which is the
 correct hash?
 >  An: john-users@...ts.openwall.com
 >  Datum: Montag, 29. August, 2016 22:37
 Uhr
 >
 >  On
 2016-08-29 21:00,
 >  Sebastian Heyn
 wrote:
 >  > I'm trying to
 >  bruteforce an old backup.zip file that i
 found after over 10
 >  years and I
 wanted to have a look at. Now I obviously forgot
 >  the password.
 > 
 > My problem is that with
 > 
 john-1.7.9 (gentoo) the zip2john script gives a pkzip
 hash
 >  which is a 92 byte file
 ($PKZIP$). However when I use
 > 
 jumbo-john from git, zip2john gives a
 > 
 >
 >  32mb hashfile containing a
 $PKZIP2 hash.  which is the
 >  correct
 one? is there any known bugs in either version?
 >  >
 >  > ->
 the pkzip hash
 >  brutes at 19k/sec
 >  > -> the pkzip2 hash
 >  brutes at 100/sec (--fork=32 gives x32
 speed)
 >  >
 > 
 > any idea which is
 >  correct hash
 to brute force?
 >
 > 
 Generic answer: Obviously the newer version.
 >  The 1.7.9 version is so
 >  very old you
 > 
 shouldn't use it other than for curious comparisons.
 I
 >
 >  can't even
 recall all changes to this
 >  format but
 some serious issues
 >  have been
 >  addressed, and quite possibly some
 performance
 >  improvements.
 >
 >  A more
 >  specific answer for your case is that
 the difference in
 >  speed you
 >  mention MAY be due to the older
 >  version defaulting to "file
 magic"
 >  whereas the newer does
 not. Does this zip file
 >  contains just
 one (or
 >  few) large file and
 >  no small ones? You can use -m as in
 "zip2john -m
 >  backup.zip >
 OUTFILE" to enable file
 >  magic
 and see where that gets you.
 >  Just
 >  beware that resorting to file magic can
 be error prone (you
 >  might
 >  end up with false negatives) and that
 >  is why we don't default to it
 anymore.
 >
 > 
 magnum
 >
 >
 >
 
 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.