Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Apr 2011 21:49:12 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: "SSH private keys cracker" patch for JtR [first cut
 for GSoC]

On 2011-04-15 13:02, Dhiru Kholia wrote:
> Apply the patch on top of jumbo-12 patch. See src/ssh_fmt.c for usage
> instructions. Please note that this is a very early release. I have
> also uploaded the patch to the wiki.

Scary, LOL. I created a test key using "bingo" as passphrase and it was 
*immediately* cracked (at 0:00 reported time) and that had me a little 
bit worried until it turned out it's one of the 3169 absolute worst 
passwords you can choose, i.e. it's included in john's default 
password.lst. I have a reported speed of about 100K c/s, that's not very 
scary.

I don't really like the odd handling (having an input file pointing at 
the real input files), but I'm not sure I can come up with a better idea 
myself. Maybe it'll turn out it's the best way to do it. One drawback is 
that when I created a second [same name, overwritten] testkey.rsa.pub 
with a stronger passphrase it did not load, as john.conf had recorded 
the *filename* from my "bingo" test.

Anyway, really cool. Did I hear you say OpenGL? I'm sure I did ;-)

Oh, and my second test is not cracked yet, after eight minutes, so I'm 
(very) slightly relieved.

kudos
magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ