Date: Sat, 16 Apr 2011 00:06:58 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: "SSH private keys cracker" patch for JtR [first cut for GSoC]

On 2011-04-15 21:49, magnum wrote:
> One drawback is that when I created a second [same name, overwritten]
> testkey.rsa.pub with a stronger passphrase it did not load, as john.conf
> had recorded the *filename* from my "bingo" test.

I meant, of course, john.pot and testkey.rsa.

$ tail -1 ../run/john.pot
testkey.rsa:bingo

I don't have a copy of that "bingo" testfile but the second test file
looks like this:

$ cat testkey.rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,3503C93C037175EEE450311F2B6F57F3

EuIoguzn+rpAAEotcqA/dvqRHsvn4yfRSGz9xaKe5PogMe7TdPzznQ2Ep8AXG3Sd
...
-----END RSA PRIVATE KEY-----

I believe that first 3503C93C037175EEE450311F2B6F57F3 hash can be used in
john.pot instead, as an identifier of the corresponding cracked file. I just
created a couple of test key files with the same passphrase and that hash
was unique. If implementing this you should really add a tag (like $ssh$)
so we don't add to the current mess. So, my john.pot should have read:

$ssh$7175EEE450311F2B6F57F33503C93C03:bingo

using (of course) whatever DEK hash was in that file.

just some thoughts,
magnum
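As an added example (not code from this mail or from John the Ripper), the following Python snippet shows the mechanics behind the proposal above: it reads the Proc-Type and DEK-Info headers of a PEM-encoded private key, pulls out the cipher name and the hex IV that DEK-Info carries, and builds a tagged john.pot identifier from that value instead of the file name. The sample key text is constructed from the header format quoted in the mail (its base64 body is a placeholder, not a real key), and the `$ssh$` tag, the second unencrypted sample and the function names are assumptions for illustration.

```python
import re
from typing import Optional, Tuple

# Constructed sample: the header lines follow the format quoted in the mail;
# the base64 body is a placeholder and does not encode a real key.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,3503C93C037175EEE450311F2B6F57F3

EuIoguzn+rpAAEotcqA/dvqRHsvn4yfRSGz9xaKe5PogMe7TdPzznQ2Ep8AXG3Sd
-----END RSA PRIVATE KEY-----
"""

# Constructed sample of a key stored without a passphrase: no Proc-Type and
# no DEK-Info header, so there is no IV to use as an identifier.
UNENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
MIIBogIBAAJBAPLACEHOLDERONLYNOTAREALKEY
-----END RSA PRIVATE KEY-----
"""

# "Proc-Type: 4,ENCRYPTED" marks a traditional (PKCS#1 style) encrypted PEM
# body; "DEK-Info: <cipher>,<hex IV>" names the cipher and carries the IV.
PROC_TYPE_RE = re.compile(r"^Proc-Type:\s*4,ENCRYPTED\s*$", re.MULTILINE)
DEK_INFO_RE = re.compile(r"^DEK-Info:\s*([A-Za-z0-9-]+),([0-9A-Fa-f]+)\s*$",
                         re.MULTILINE)


def parse_dek_info(pem_text: str) -> Optional[Tuple[str, str]]:
    """Return (cipher_name, iv_hex) from the DEK-Info header.

    Returns None when the key is not marked ENCRYPTED. Raises ValueError
    when the headers are inconsistent, so a malformed file is not silently
    recorded under a bogus identifier.
    """
    if not PROC_TYPE_RE.search(pem_text):
        return None
    match = DEK_INFO_RE.search(pem_text)
    if match is None:
        raise ValueError("Proc-Type says ENCRYPTED but no DEK-Info header found")
    cipher, iv_hex = match.group(1), match.group(2).upper()
    if len(iv_hex) % 2 != 0:
        raise ValueError("DEK-Info IV is not a whole number of bytes")
    return cipher, iv_hex


def pot_identifier(pem_text: str, tag: str = "$ssh$") -> Optional[str]:
    """Build the tagged identifier proposed in the mail: tag + DEK-Info hex.

    The hex value is used exactly as it appears in the header. None means
    the file has nothing to identify it by (not encrypted).
    """
    parsed = parse_dek_info(pem_text)
    if parsed is None:
        return None
    _cipher, iv_hex = parsed
    return tag + iv_hex


def pot_line(pem_text: str, passphrase: str) -> Optional[str]:
    """Format a john.pot style line "<identifier>:<passphrase>"."""
    ident = pot_identifier(pem_text)
    if ident is None:
        return None
    return f"{ident}:{passphrase}"


if __name__ == "__main__":
    print(parse_dek_info(SAMPLE_PEM))
    print(pot_line(SAMPLE_PEM, "bingo"))
    print(pot_line(UNENCRYPTED_PEM, "bingo"))
```

The IV in DEK-Info is generated per file when the key is written, which is why two files protected with the same passphrase still get different identifiers, the property the mail relies on; keys written in other formats (PKCS#8 or the OpenSSH native format) carry no DEK-Info header and would need a different identifier.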