Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAO8go5S6W85E0xv++JocRwud1WOihCKrDYKDDKbOw_evSma5sA@mail.gmail.com>
Date: Tue, 17 Mar 2020 09:25:36 +0200
From: Jonathan A <pc.crumbs@...il.com>
To: john-users@...ts.openwall.com
Subject: Some 7Zip hashes can't be cracked?

Hello all,

I have a sample of an encrypted 7Zip file (I know the password). When I use
7z2john.pl on it, I get *a long hash (492 kb)*. Then when I try using john
with the known password (i.e. through stdin or wordlist) - it finishes
unsuccessfully.

However, if I create an encrypted 7Zip sample myself - *the hash is small
(112 bytes)* - and it works fine.

The only difference I could see myself between the two is that 7Zip says
the first file is encrypted with *LZMA2:768k BCJ 7zAES*. While my sample is
encrypted with  *LZMA2:12 7zAES*.

(I can share the first sample, but it has malware in it (I'm a malware
researcher), so it can't go in this email).
Am I doing something wrong? OR are there simply some methods / hashes that
john doesn't handle.

Regards,
Jonathan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.