Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2086525259.3862403.1472588493338@mail.yahoo.com>
Date: Tue, 30 Aug 2016 20:21:33 +0000 (UTC)
From: Sebastian Heyn <sebastian.heyn@...oo.de>
To:  <john-users@...ts.openwall.com>
Subject: Re: Which is the correct hash?

Thanks! Wow this is quite a speed enchancement

However I gave up the idea of using many orange pi one's - the core i7 is much faster ;-) 
So I keep the fingers crossed that it will find the pass in a reasonable amount of time ;-)

Thanks

--------------------------------------------
magnum <john.magnum@...hmail.com> schrieb am Di, 30.8.2016:

 Betreff: Re: [john-users] Which is the correct hash?
 An: john-users@...ts.openwall.com
 Datum: Dienstag, 30. August, 2016 20:40 Uhr
 
 On 2016-08-30 09:59,
 Sebastian Heyn wrote:
 > The file has a
 weird structure.
 >
 >
 backup.zip <- password encrypted
 > ver
 1.0 Pic.zip->Neu Textdatei.txt PKZIP Encr: cmplen=12,
 decmplen=0, crc=0
 > ver 1.0
 Pic.zip->bilder.zip PKZIP Encr: cmplen=16969698,
 decmplen=16969686, crc=7F501B9D  <- the file itself is
 also password encrypted
 
 We
 can't know that. The fact it has a CRC doesn't mean
 it's encrypted.
 
 >
 and zip2john doesn't seem to know the -m option. Do I
 need to enable anything when configuring it?
 >
 >  ./zip2john -m
 ../../Backup.zip >backup.hash
 >
 ./zip2john: invalid option -- 'm'
 
 Ouch. I see now we have a tiny
 little (literally, one bit!) bug there. 
 Will commit a fix within minutes.
 
 magnum
 
 
 
 
 >
 --------------------------------------------
 > magnum <john.magnum@...hmail.com>
 schrieb am Mo, 29.8.2016:
 >
 >  Betreff: Re: [john-users] Which is the
 correct hash?
 >  An: john-users@...ts.openwall.com
 >  Datum: Montag, 29. August, 2016 22:37
 Uhr
 >
 >  On
 2016-08-29 21:00,
 >  Sebastian Heyn
 wrote:
 >  > I'm trying to
 >  bruteforce an old backup.zip file that i
 found after over 10
 >  years and I
 wanted to have a look at. Now I obviously forgot
 >  the password.
 > 
 > My problem is that with
 > 
 john-1.7.9 (gentoo) the zip2john script gives a pkzip
 hash
 >  which is a 92 byte file
 ($PKZIP$). However when I use
 > 
 jumbo-john from git, zip2john gives a
 > 
 >
 >  32mb hashfile containing a
 $PKZIP2 hash.  which is the
 >  correct
 one? is there any known bugs in either version?
 >  >
 >  > ->
 the pkzip hash
 >  brutes at 19k/sec
 >  > -> the pkzip2 hash
 >  brutes at 100/sec (--fork=32 gives x32
 speed)
 >  >
 > 
 > any idea which is
 >  correct hash
 to brute force?
 >
 > 
 Generic answer: Obviously the newer version.
 >  The 1.7.9 version is so
 >  very old you
 > 
 shouldn't use it other than for curious comparisons.
 I
 >
 >  can't even
 recall all changes to this
 >  format but
 some serious issues
 >  have been
 >  addressed, and quite possibly some
 performance
 >  improvements.
 >
 >  A more
 >  specific answer for your case is that
 the difference in
 >  speed you
 >  mention MAY be due to the older
 >  version defaulting to "file
 magic"
 >  whereas the newer does
 not. Does this zip file
 >  contains just
 one (or
 >  few) large file and
 >  no small ones? You can use -m as in
 "zip2john -m
 >  backup.zip >
 OUTFILE" to enable file
 >  magic
 and see where that gets you.
 >  Just
 >  beware that resorting to file magic can
 be error prone (you
 >  might
 >  end up with false negatives) and that
 >  is why we don't default to it
 anymore.
 >
 > 
 magnum
 >
 >
 >
 
 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.