Date: Wed, 27 Jul 2005 23:08:03 +0200 (CEST) From: Emanuel Haupt <ehaupt@critical.ch> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/84192: new port: security/pkcrack - A utility for breaking pkzip encryption Message-ID: <200507272108.j6RL83IT001240@beaver.critical.ch> Resent-Message-ID: <200507272110.j6RLACqB094486@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 84192 >Category: ports >Synopsis: new port: security/pkcrack - A utility for breaking pkzip encryption >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Jul 27 21:10:12 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Emanuel Haupt >Release: FreeBSD 5.4-RELEASE-p6 i386 >Organization: >Environment: System: FreeBSD beaver.critical.ch 5.4-RELEASE-p6 FreeBSD 5.4-RELEASE-p6 #0: Wed Jul 27 20:19:15 CEST 2005 root@beaver.critical.ch:/usr/obj/usr/src/RELENG_5_4/src/sys/BEAVER i386 >Description: new port: security/pkcrack - A utility for breaking pkzip encryption This package implements an algorithm for breaking the PkZip cipher that was devised by Eli Biham and Paul Kocher. This program applies a known plaintext attack to an encrypted file. A known-plaintext-attack recovers a password using the encrypted file and (part of) the unencrypted file. Please note that cryptographers use the word 'plaintext' for any kind of unencrypted data - not necessarily readable ASCII text. Before you ask why somebody may want to know the password when he already knows the plaintext think of the following situations: - Usually there's a large number of files in a ZIP-archive. Usually all these files are encrypted using the same password. So if you know one of the files, you can recover the password and decrypt the other files. - You need to know only a part of the plaintext (at least 13 bytes). Many files have commonly known headers, like DOS .EXE-files. Knowing a reasonably long header you can recover the password and decrypt the entire file. >How-To-Repeat: >Fix: --- pkcrack.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # pkcrack # pkcrack/Makefile # pkcrack/pkg-descr # pkcrack/distinfo # echo c - pkcrack mkdir -p pkcrack > /dev/null 2>&1 echo x - pkcrack/Makefile sed 's/^X//' >pkcrack/Makefile << 'END-of-pkcrack/Makefile' X# New ports collection makefile for: pkcrack X# Date created: 27 Jul 2005 X# Whom: Emanuel Haupt <ehaupt@critical.ch> X# X# $FreeBSD$ X# X XPORTNAME= pkcrack XPORTVERSION= 1.2.2 XCATEGORIES= security XMASTER_SITES= http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack/ X XMAINTAINER= ehaupt@critical.ch XCOMMENT= A utility for breaking pkzip encryption X XUSE_GMAKE= yes XUSE_REINPLACE= yes X XWRKSRC= ${WRKDIR}/${DISTNAME}/src XPLIST_FILES= bin/pkextract bin/pkfindkey bin/pkmakekey bin/pkcrack bin/zipdecrypt XPORTDOCS= README pkzip.ps.gz X Xpost-patch: X @${REINPLACE_CMD} -e 's|^\(#include\ <\)malloc\.h>|\1stdlib.h>|' \ X ${WRKSRC}/exfunc.c \ X ${WRKSRC}/readhead.c X @${REINPLACE_CMD} -e '/<malloc\.h>/d' \ X ${WRKSRC}/extract.c \ X ${WRKSRC}/main.c \ X ${WRKSRC}/zipdecrypt.c X @${REINPLACE_CMD} -E 's/^(CC|CFLAGS)=/\1?=/' \ X ${WRKSRC}/Makefile X Xdo-install: X.for f in pkcrack zipdecrypt X ${INSTALL_PROGRAM} ${WRKSRC}/${f} ${PREFIX}/bin X.endfor X# these file names are too generic X.for f in extract findkey makekey X ${INSTALL_PROGRAM} ${WRKSRC}/${f} ${PREFIX}/bin/pk${f} X.endfor X X.if !defined(NOPORTDOCS) X ${MKDIR} ${DOCSDIR} X.for f in ${PORTDOCS} X ${INSTALL_DATA} ${WRKDIR}/${DISTNAME}/doc/${f} ${DOCSDIR} X.endfor X.endif X X.include <bsd.port.mk> END-of-pkcrack/Makefile echo x - pkcrack/pkg-descr sed 's/^X//' >pkcrack/pkg-descr << 'END-of-pkcrack/pkg-descr' XThis package implements an algorithm for breaking the PkZip cipher that was Xdevised by Eli Biham and Paul Kocher. X XThis program applies a known plaintext attack to an encrypted file. XA known-plaintext-attack recovers a password using the encrypted file and X(part of) the unencrypted file. X XPlease note that cryptographers use the word 'plaintext' for any kind of Xunencrypted data - not necessarily readable ASCII text. X XBefore you ask why somebody may want to know the password when he already knows Xthe plaintext think of the following situations: X X - Usually there's a large number of files in a ZIP-archive. Usually all these X files are encrypted using the same password. So if you know one of the files, X you can recover the password and decrypt the other files. X - You need to know only a part of the plaintext (at least 13 bytes). Many files X have commonly known headers, like DOS .EXE-files. Knowing a reasonably long X header you can recover the password and decrypt the entire file. X XWWW: http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html X X- ehaupt Xehaupt@critical.ch END-of-pkcrack/pkg-descr echo x - pkcrack/distinfo sed 's/^X//' >pkcrack/distinfo << 'END-of-pkcrack/distinfo' XMD5 (pkcrack-1.2.2.tar.gz) = 41e2037ceb95fc0717f7d9ae0abe10db XSIZE (pkcrack-1.2.2.tar.gz) = 174208 END-of-pkcrack/distinfo exit --- pkcrack.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507272108.j6RL83IT001240>