Date: Thu, 21 Apr 2011 15:25:23 -0700
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: "SSH private keys cracker" patch for JtR [first cut for GSoC]

On Fri, Apr 15, 2011 at 3:06 PM, magnum <rawsmooth@...dband.net> wrote:
> I believe that first 3503C93C037175EEE450311F2B6F57F3 hash can be used in
> john.pot instead, as an identifier of the corresponding cracked file. I just
> created a couple of test key files with the same passphrase and that hash
> was unique. If implementing this you should really add a tag (like $ssh$) so
> we don't add to the current mess. So, my john.pot should have read:
>
> $ssh$7175EEE450311F2B6F57F33503C93C03:bingo
> using (of course) whatever DEK hash was in that file.

Thanks for the review, magnum. A new version of the patch, which stores the entire "ssh key file" in john.pot is attached.

Usage:

1. Create a text file (called keys.txt) containing filename(s) of the SSH private key(s) to be cracked.
2. Run unssh as "unssh keys.txt sshdump".
3. Run JtR as "john -format=ssh sshdump".

Bugs:

1. "john -format=ssh --show sshdump" doesn't work currently.
2. gecos handling looks hacky :-).

--
Cheers,
Dhiru

Download attachment "john-1.7.6-jumbo-12-ssh-06.diff.gz" of type "application/x-gzip" (11467 bytes)
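
Added example (not part of the original message or of the attached patch): the tagged identifier suggested in the quoted text, built by reading the DEK-Info IV from a legacy PEM-encrypted private key. The function names, the sample key and its IV are constructed for illustration; only the `$ssh$` tag comes from the thread.

```python
import re

# Constructed sample: header layout of a passphrase-protected legacy PEM key.
# The IV and the base64 body are filler, not taken from a real key.
SAMPLE_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQgRklMTEVSIEJPRFk=
-----END RSA PRIVATE KEY-----
"""

def parse_dek_info(pem_text):
    """Return (cipher, iv_hex), or None when the key carries no encryption headers."""
    headers, in_key = {}, False
    for line in pem_text.splitlines():
        if line.startswith("-----BEGIN ") and line.endswith("PRIVATE KEY-----"):
            in_key = True
            continue
        if not in_key:
            continue
        # Headers end at the first blank line; a line without ':' is base64 body.
        if not line.strip() or ":" not in line:
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return None
    cipher, sep, iv = headers.get("DEK-Info", "").partition(",")
    if not sep or not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", iv):
        raise ValueError("encrypted key with missing or malformed DEK-Info")
    return cipher, iv.upper()

def pot_identifier(pem_text, tag="$ssh$"):
    """Build the tagged identifier suggested in the quoted text: tag + DEK-Info IV."""
    info = parse_dek_info(pem_text)
    return None if info is None else tag + info[1]

if __name__ == "__main__":
    print(pot_identifier(SAMPLE_KEY))
```

A key file without a `Proc-Type: 4,ENCRYPTED` header yields `None`, which also makes the parser usable for listing which private keys on a host are stored without a passphrase.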