On Sat, 08 Mar 2014 07:46:06 +0100 Klaus Muth <m...@hagos.de> wrote: > Quick update. > > Since I was really interested in password security of OpenOffice, Vanessa had > not much trouble to talk me into giving it a try. So I compiled an MPI > version of john and started it on my i7-2600 4-core 3.4GHz on 7 CPUs, John > chose to use the AVX extension (no fancy graphic card - so no NUMA or CUDA) > > I had some infos (language + max pw length) from Vanessa. > > It took a total of 77h of CPU time in incremental mode (no hit in single shot > and dictionary mode) to get a 7 character all lower case password with this > setup. > > I was able to send back an unencrypted 433 pages book. > > No, I'm not that interested - I won't do that a second time. I provided all > information needed to do it yourself.
Thank you for posting this information, Klaus. It gives an idea of the complexity of the task. Can you please supply some more information: does the decryption process merely decrypt the target file, or does it as well announce the password? I'm thinking a theoretical situation, where a User has many encrypted files and has forgotten the only password. Would he need to decrypt them all individually, or could he choose to decrypt one (small, therefore hopefully fast) file and recover the password? This is purely a hypothetical question - I've long since learned never to encrypt a file! > > Am 06.03.2014 15:02, schrieb Klaus Muth: > > Ok. Tried out. You need: > > 1. Encrypted OpenDocumentFormat File (i.e. your book) > > 2. John The Ripper from http://www.openwall.com/john/, I used > > http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.bz2 > > 3. A Linux System (There is a Windows binary too) > > > > - Now Download john, then untar it: > > tar xvfj john-1.7.9-jumbo-7.tar.bz2 > > - compile it > > cd john-1.7.9-jumbo-7/src > > make clean linux-x86-64-native > > - test it > > cd ../run > > ./john --test > > - get password hash: > > ./odf2john.py MyImportantCrypted.odt > passwd > > - crack password hash > > ./john passwd > > > > In my example it took john 17 seconds to realize that my password was > > actually 123456 - which is of course the most commonly used password ever > > and > > so one of the first tested options: > > > > ./john passwd > > Loaded 1 password hash (ODF SHA-1 Blowfish [32/64]) > > 123456 (MyImportantCrypted.odt) > > guesses: 1 time: 0:00:00:17 DONE (Thu Mar 6 14:43:10 2014) c/s: 1132 > > trying: 123456 > > > > You might need some kind of Computer Nerd and some fast hardware to crack > > your ODF Password, but that might be easy to get compared to writing your > > book again. > > > > Using passwords on the only original of a file is generally a bad idea - you > > use them to secure a copy you want to send by mail or on a stick. > > > > > > Am 06.03.2014 13:11, schrieb Vanessa Silva: > >> Hello, > >> > >> > >> i’ve written a book, took me over 200 hours, saved it with open Office > >> writer and made a Password for it. Then i didn’t use the document in a > >> while and now i forgot the Password. Please help me, i Need my book back! > >> Can i send you the document per E-Mail? can you erase dthe Password? > >> Please, i beg you. I Need it! > >> > >> > >> I’ll wait for your answer. > >> > >> > >> Vanessa Silva > >> > >> > >> > >> > >> > >> > >> Gesendet von Windows Mail > >> > > > > > > Freundliche Grüße > > > > > Freundliche Grüße > -- > Klaus Muth > HAGOS eG Industriestr. 62 fon: (+49) 711 78805-7086 > EDV-Programmierung 70565 Stuttgart fax: (+49) 711 78805-957035 > http://www.hagos.de Germany mailto:m...@hagos.de > > HAGOS Verbund deutscher Kachelofen- und Luftheizungsbauerbetriebe eG > Sitz: Stuttgart > Rechtsform: Genossenschaft > Registergericht: Stuttgart GnR 77 > Vorstände: Guido Eichel, Ralf Tigges > Aufsichtsratsvorsitzender: Thomas Müller > USt.-ID-Nr.: DE 147799748 > > ------------------------------------------- > List Conduct Guidelines: http://openoffice.apache.org/list-conduct.html > To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org > For additional commands, e-mail: users-h...@openoffice.apache.org > > -- Rory O'Farrell <ofarr...@iol.ie> ------------------------------------------- List Conduct Guidelines: http://openoffice.apache.org/list-conduct.html To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
