[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PKCrack available (fwd)
- To: [email protected]
- Subject: PKCrack available (fwd)
- From: Anonymous <[email protected]>
- Date: Tue, 16 Nov 93 20:26:45 -0500
- Organization: Dictionary Enthusiasts of America
From: [email protected] (Vesselin Bontchev)
Newsgroups: sci.crypt
Subject: PKCrack available
Date: 16 Nov 1993 10:50:26 GMT
Organization: University of Hamburg -- Germany
Message-ID: <[email protected]>
NNTP-Posting-Host: fbihh.informatik.uni-hamburg.de
X-Newsreader: TIN [version 1.2 PL2]
Hello, everybody!
After receiving more than a dozen messages of the type "could you
please send me a copy of PKCrack", I got tired of e-mailing it and
decided to make it available via anonymous ftp. It can be obtained as
ftp.informatik.uni-hamburg.de:/pub/virus/texts/crypto/pkcrack.zip
A few remarks.
1) The archive contains the source (in C) of the program. It should
compile anywhere. Don't ask me to send you a compiler or to compile it
for you. If it happens not to compile on your machine - do the porting
yourself. Be creative. Don't ask me to teach you C if you can't
understand the program.
2) The archive also contains the file APPNOTE.TXT, from the PKZIP
distribution, which explains the format of the ZIP archive in general
and the encryption algorithm in particular. (BTW, this explains why I
put the archive in the texts directory.) The algorithm applies both
for versions 1.1 and 2.04x of PKZIP. The only difference is in the
paragraph that explains how to verify that the password entered is
correct - version 1.1 deals with a 2-byte number (as the text says),
while version 2.04x deals with a one-byte number (as the text doesn't
bother to explain).
3) The program is *trivial*. Really. It does a dictionary attack and
thus requires a dictionary - a file containing the words to try as
passwords. Don't ask me to send you one - there are many on the net.
Find one yourself. Learn to use Archie.
4) The program cannot break just any archive - it can only check
whether the archive is encrypted with one of a (possibly huge) list of
passwords.
5) If you are trying to break an archive created with PKZIP 2.04x, you
will get a lot of false positives. Averagely - once in every 256
attempts. It will help if you have several files in the archive,
encrypted with the same password. If this is the case, increase the
value of NFILES and re-compile the program (yes, I know that it should
be a run-time option). A value of 4 will give the same level of false
positives as for version 1.1, but even a value of 3 is good enough for
practial reasons.
6) If you don't know how to do anonymous ftp - learn. If your system
does not allow you to do anonymous ftp - use a ftp-by-email service.
7) If you don't have unzip for Unix - get one. Don't ask me to e-mail
you the program in source. If you don't know how to transfer files
from the mainframe to your PC - ask your system administrator, not me.
8) I have no idea who has written the program.
9) If you come up with any improvements, you are welcome to send them
to me. If they are good, I will update the program that is on the ftp
site.
Regards,
Vesselin
--
Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
< PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: [email protected] 22527 Hamburg, Germany