Date: Sat, 16 Apr 2011 00:06:58 +0200
From: magnum <>
Subject: Re: "SSH private keys cracker" patch for JtR [first cut for GSoC]

On 2011-04-15 21:49, magnum wrote:
> One drawback is that when I created a second [same name, overwritten] with a stronger passphrase it did not load, as john.conf had recorded the *filename* from my "bingo" test.

I meant, of course, john.pot and testkey.rsa.

$ tail -1 ../run/john.pot

I don't have a copy of that "bingo" testfile but the second test file 
looks like this:

$ cat testkey.rsa
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,3503C93C037175EEE450311F2B6F57F3


I believe that first 3503C93C037175EEE450311F2B6F57F3 hash can be used 
in john.pot instead, as an identifier of the corresponding cracked file. 
I just created a couple of test key files with the same passphrase and 
that hash was unique. If implementing this you should really add a tag 
(like $ssh$) so we don't add to the current mess. So, my john.pot should 
have read:


using (of course) whatever DEK hash was in that file.

Just some thoughts,
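
The following is an added example, not part of the original post and not JtR code: it reads the DEK-Info value from an encrypted PEM header and shows why a record keyed on that value does not mistake an overwritten key file for an already-cracked one, while a record keyed on the file name does. The `$ssh$` + value layout, the function names and the second DEK-Info value are assumptions made for illustration.

```python
import re

# Constructed sample: the header lines quoted in the post, wrapped in a PEM
# begin line. The base64 key body is left out; it is not needed here.
KEY_A = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,3503C93C037175EEE450311F2B6F57F3\n"
)
# Constructed: same file name, regenerated key, so a different DEK-Info value.
KEY_B = KEY_A.replace("3503C93C037175EEE450311F2B6F57F3",
                      "00112233445566778899AABBCCDDEEFF")

PROC_RE = re.compile(r"^Proc-Type:\s*4\s*,\s*ENCRYPTED\s*$", re.M)
DEK_RE = re.compile(r"^DEK-Info:\s*([A-Za-z0-9-]+)\s*,\s*([0-9A-Fa-f]+)\s*$", re.M)

def dek_info(pem_text):
    """Return (cipher, hex value) from an encrypted PEM header, else None."""
    if not PROC_RE.search(pem_text):
        return None
    m = DEK_RE.search(pem_text)
    if m is None or len(m.group(2)) % 2:
        return None  # header missing, or value is not whole bytes
    return m.group(1).upper(), m.group(2).upper()

def record_id(pem_text, tag="$ssh$"):
    """Hypothetical record key: tag + DEK-Info value (layout is an assumption)."""
    info = dek_info(pem_text)
    return None if info is None else tag + info[1]

def already_cracked(pem_text, recorded_ids):
    """True only if this exact key file's identifier was recorded before."""
    rid = record_id(pem_text)
    return rid is not None and rid in recorded_ids

if __name__ == "__main__":
    by_name = {"testkey.rsa"}        # what a file-name record remembers
    by_id = {record_id(KEY_A)}       # what a DEK-Info record remembers
    # testkey.rsa is then overwritten with KEY_B:
    print("file name says cracked:", "testkey.rsa" in by_name)  # stale match
    print("DEK-Info says cracked: ", already_cracked(KEY_B, by_id))
```
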
