Date: Thu, 21 Apr 2011 15:25:23 -0700
From: Dhiru Kholia <>
Subject: Re: "SSH private keys cracker" patch for JtR [first cut for GSoC]

On Fri, Apr 15, 2011 at 3:06 PM, magnum <> wrote:
> I believe that first 3503C93C037175EEE450311F2B6F57F3 hash can be used in
> john.pot instead, as an identifier of the corresponding cracked file. I just
> created a couple of test key files with the same passphrase and that hash
> was unique. If implementing this you should really add a tag (like $ssh$) so
> we don't add to the current mess. So, my john.pot should have read:
> $ssh$7175EEE450311F2B6F57F33503C93C03:bingo
> using (of course) whatever DEK hash was in that file.

Thanks for the review, magnum. A new version of the patch, which
stores the entire "ssh key file" in john.pot, is attached.


1. Create a text file (called keys.txt) containing filename(s) of the
SSH private key(s) to be cracked.
2. Run unssh as "unssh keys.txt sshdump".
3. Run JtR as "john -format=ssh sshdump".


1. "john -format=ssh --show sshdump" doesn't work currently.
2. gecos handling looks hacky :-).


Download attachment "john-1.7.6-jumbo-12-ssh-06.diff.gz" of type "application/x-gzip" (11467 bytes)
