[prev in list] [next in list] [prev in thread] [next in thread]
List: john-dev
Subject: Re: [john-dev] GSoC non-hash office documents
From: Dhiru Kholia <dhiru.kholia () gmail ! com>
Date: 2012-03-29 4:59:08
Message-ID: CANO7a6xZmtLbDqnC5DgU=zV5vfPDvmztH57=Q-70gacp2qdqgQ () mail ! gmail ! com
[Download RAW message or body]
On Thu, Mar 29, 2012 at 6:08 AM, Solar Designer <solar@openwall.com> wrote:
> Hi Mike,
>
> On Wed, Mar 28, 2012 at 11:23:48AM -0600, Mike Wing wrote:
>> I'm rather interested in working on some of the non-hashes for GSoC.
>> Specifically
>> the Office ones that popped up recently. Just doing a rudimentary search,
>> the MS office format (up to 2003) using XOR and RC4 appears to be fairly
>> compromised and exploitable as outlined in this paper
>> http://eprint.iacr.org/2005/007.pdf. And this has been further developed by
>> a french researcher (here:
>> http://www.esiea-recherche.eu/data/filiol_pacsec.pdf). I would like to work
>> on bringing these features to JtR.
> As you can see, Dhiru has already started work on having JtR test
> candidate passwords against Office documents - a task that is within
> scope for JtR development currently. Please feel free to compete with
> him (work on the same thing in parallel and try to make your
> implementation better in whatever ways - source code quality, speed,
> anything). Alternatively, please feel free to coordinate with him, so
> that the two of you work on the task together.
I am working on the newer Office 2007 (and possibly 2010) documents.
So, I guess there shouldn't be any conflicts. I will keep office2john
extensible enough, so that Mike can extend it to work with <= Office
2003 files.
--
Cheers,
Dhiru
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic