Date: Tue, 12 Mar 2013 21:01:23 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: gpg2john (was: Work needed before Jumbo-8)

On 12 Mar, 2013, at 4:01 , Lukas Odzioba <lukas.odzioba@...il.com> wrote:
> 2013/3/5 magnum <john.magnum@...hmail.com>:
>> We need someone to fix gpg2john (c++ != magnum) so it can process multiple infiles and more importantly, it must process all keys in each input file. The latter is a must IMO - at least it must emit a warning that more keys are present. Any volunteer?
> 
> Patch attached. Changes I made are pretty trivial, before me someone
> else merged and added some code to make gpg2john.c


Thanks! It works fine with my multiple keys file too. I'll commit this and I think it is barely Good Enough[tm] for Jumbo 8 now, but some things can be improved:

1. Supplying a bad file (not a key file) results in no output at all.
2. Supplying a public key file, same lack of output.
3. The full path is used for the login field.

For 1 and 2, we might want to add some warning or other output to stderr. For 3 we should definitely use the basename and ideally also strip the .gpg or .pgp extension (are .pgp files supported at all?).

> Sometimes an encoded file may contain additional info about the user (packet
> type 13); it looks like this:
> 
> Old: User ID Packet(tag 13)(47 bytes)
>        User ID - Random User (Just for test) <random@...dom.com>
> 
> We have got a user name, comment and an email. When a gpg file contains
> multiple keys it can have multiple identities.
> Currently gpg2john formats output this way:
> 	printf("%s:$gpg$*%d*%d*%d*", filename, key.m_algorithm,
> key.m_datalen, key.bits());
> In my opinion we should add an email too.


This is not a blocker for Jumbo-8 but it would be excellent if someone can fix it: We should definitely try to find this UserID field and put it in the GECOS field of our output (as is - it's stored as one string and it's not trivial to split it canonically).

> Should we somehow modify copyrights?

I believe you could just add lines after the existing Copyright line:

 /*
  * pgpry - PGP private key recovery
  * Copyright (C) 2010 Jonas Gehring
+ * Modified for John the Ripper:
+ * Copyright (C) 2012 Dhiru (...)
+ * Copyright (C) 2013 Lukasz (...)
  *
  * This program is free software: you can redistribute it and/or modify	 
  * it under the terms of the GNU General Public License as published by
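Review bot: the two added Copyright lines under "Modified for John the Ripper:" carry only a year and a first name, with "(...)" where the rest belongs. Before this is committed, each line should give the contributor's full name in the same form as the existing "Copyright (C) 2010 Jonas Gehring" line, and a short phrase on the "Modified for" line saying what was changed would make the notice self-explanatory to someone comparing the file against pgpry.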


magnum
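
The points raised in this message (no output for a non-key or public-key file, the full path used as login, and the tag 13 User ID for the GECOS field) can be checked by walking the packet headers. The following is an added example, not code from gpg2john or from this thread; `struct scan`, the function names, the `SAMPLE` bytes and the replacement of ':' and control bytes in the User ID are assumptions of the example.

```c
#include <string.h>

/* Hypothetical result type for this example (not a gpg2john type). */
struct scan { int secret_keys, public_keys; char uid[128]; };
/* Constructed input: old-format tag 5 packet (dummy 2-byte body), then tag 13. */
const unsigned char SAMPLE[] = { 0x94, 2, 4, 0, 0xb4, 5, 'A', ' ', '<', ':', '>' };

/* Login field: basename of the path with a trailing .gpg/.pgp removed (cap > 0). */
void login_from_path(const char *path, char *out, size_t cap)
{
    const char *s = strrchr(path, '/'), *b = s ? s + 1 : path;
    size_t m = strlen(b);
    if (m > 4 && (!strcmp(b + m - 4, ".gpg") || !strcmp(b + m - 4, ".pgp"))) m -= 4;
    if (m >= cap) m = cap - 1;
    memcpy(out, b, m);
    out[m] = '\0';
}

/* Walk binary OpenPGP packets (RFC 4880 section 4.2); -1 if not a packet sequence. */
int scan_packets(const unsigned char *p, size_t n, struct scan *r)
{
    size_t i = 0, len, k;
    memset(r, 0, sizeof *r);
    while (i < n) {
        unsigned c = p[i++], tag, o;
        if (!(c & 0x80) || i >= n) return -1;    /* bit 7 is set in every header */
        if (c & 0x40) {                          /* new-format header */
            tag = c & 0x3f; o = p[i++];
            if (o < 192) len = o;
            else if (o < 224 && i < n) len = ((size_t)(o - 192) << 8) + p[i++] + 192;
            else if (o == 255 && n - i >= 4) { for (len = 0, k = 4; k--; ) len = len << 8 | p[i++]; }
            else return -1;                      /* partial lengths not handled */
        } else {                                 /* old-format header */
            tag = (c >> 2) & 0x0f; o = c & 3;    /* o is the length type */
            if (o == 3 || n - i < ((size_t)1 << o)) return -1;
            for (len = 0, k = (size_t)1 << o; k--; ) len = len << 8 | p[i++];
        }
        if (len > n - i) return -1;              /* body runs past end of input */
        if (tag == 5) r->secret_keys++;
        else if (tag == 6) r->public_keys++;
        else if (tag == 13 && !r->uid[0]) {      /* keep the first User ID only */
            for (k = 0; k < len && k < sizeof r->uid - 1; k++)   /* ':' would split */
                r->uid[k] = (p[i + k] < 0x20 || p[i + k] == ':') ? '_' : (char)p[i + k];
            r->uid[k] = '\0';                    /* the colon-separated output line */
        }
        i += len;
    }
    return 0;
}
```

A caller would print a warning to stderr when `scan_packets` returns -1 or reports no tag 5 packet, which covers the bad-file and public-key cases. ASCII-armored input fails the first check because '-' has bit 7 clear.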
