Date: Thu, 21 Apr 2011 15:25:23 -0700
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: "SSH private keys cracker" patch for JtR [first cut for GSoC]

On Fri, Apr 15, 2011 at 3:06 PM, magnum <rawsmooth@...dband.net> wrote:
> I believe that first 3503C93C037175EEE450311F2B6F57F3 hash can be used in
> john.pot instead, as an identifier of the corresponding cracked file. I just
> created a couple of test key files with the same passphrase and that hash
> was unique. If implementing this you should really add a tag (like $ssh$) so
> we don't add to the current mess. So, my john.pot should have read:
>
> $ssh$7175EEE450311F2B6F57F33503C93C03:bingo
> using (of course) whatever DEK hash was in that file.

Thanks for the review, magnum. A new version of the patch, which
stores the entire "ssh key file" in john.pot is attached.

Usage:

1. Create a text file (called keys.txt) containing filename(s) of the
SSH private key(s) to be cracked.
2. Run unssh as "unssh keys.txt sshdump".
3. Run JtR as "john -format=ssh sshdump".

Bugs:

1. "john -format=ssh --show sshdump" doesn't work currently.
2. gecos handling looks hacky :-).

-- 
Cheers,
Dhiru

[ CONTENT OF TYPE application/x-gzip SKIPPED ]
