Date: Sun, 24 Apr 2011 23:08:58 +0400
From: Solar Designer <>
Subject: Re: "SSH private keys cracker" patch for JtR [first cut for GSoC]

Hi Dhiru,

Thank you for posting these draft revisions of the code.  You're doing
this just right!  (I mean the frequency of these updates.)

I haven't tested this yet (sorry!), but I am going to start to impose
some quality requirements (I think it's time).  Please see below:

On Thu, Apr 21, 2011 at 03:25:23PM -0700, Dhiru Kholia wrote:
> Thanks for the review, magnum. A new version of the patch, which
> stores the entire "ssh key file" in john.pot is attached.
> Usage:
> 1. Create a text file (called keys.txt) containing filename(s) of the
> SSH private key(s) to be cracked.
> 2. Run unssh as "unssh keys.txt sshdump".

The "unssh" program must not directly write into any files.  Other un*
programs don't ("unique" is an exception, but it has a reason for that
and it uses O_EXCL).  Someone might run "unssh key1 key2" and have their
second key file overwritten (oops).

Instead, it should print to stdout.  Typical usage would be:

unssh .ssh/id_rsa > sshdump


unssh .ssh/id_[rd]sa* > sshdump

(and you don't need any filename globbing in your code - the shell will
take care of that for you).

You also don't need a file with a list of filenames - you pass those
filenames via the command line.

> 3. Run JtR as "john -format=ssh sshdump".

Looks fine.
The format should be autodetected due to the "$ssh$" marks, though.

> Bugs:
> 1. "john -format=ssh --show sshdump" doesn't work currently.

This will need to be fixed.  Why doesn't it work?  If you do everything
right elsewhere, it should just work, with no effort on your part.

> 2. gecos handling looks hacky :-).

I haven't reviewed your code closely enough nor tested it yet, so I
can't comment on this yet.

More quality requirements:

Please license your code such that it's usable (both by end users and by
others working on JtR):

Please start to use the proper source code style.  The coding style of
the official JtR roughly matches these "indent" program options:

indent -kr -i8 -nlp -nbbo -l79 -lc79

(these are given in Owl/doc/CONVENTIONS).

Please start to upload these patches to the wiki, to the patches page or
to the non-hashes page (your choice).  Also continue to announce them in
here.  When you have substantially-improved "stable" versions, then also
announce those on john-users.
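
The overwrite risk described in this message (a second key file being taken as the output name) and the O_EXCL safeguard it mentions for "unique", as an added example that is not part of the original message or of JtR; the function names, the /tmp path and the sample key text are made up for the illustration:

```c
/* Added illustration, not JtR code; all function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define SAMPLE_KEY "-----BEGIN RSA PRIVATE KEY-----\n(constructed sample)\n"

/* Ordinary "open for writing": an existing file is truncated to zero. */
static int clobbering_open(const char *path)
{
	return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* With O_EXCL, creation fails (EEXIST) if the path already exists. */
static int exclusive_open(const char *path)
{
	return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/*
 * Simulate "tool key1 key2" where key2 is a real key file taken as the
 * output name.  Returns the size of that file afterwards, -1 on error.
 */
static long key_size_after_run(int use_excl)
{
	char path[64];
	struct stat st;
	long size = -1;
	ssize_t n;
	int fd;

	snprintf(path, sizeof(path), "/tmp/unssh_demo_%ld", (long)getpid());
	if ((fd = exclusive_open(path)) < 0)
		return -1;
	n = write(fd, SAMPLE_KEY, strlen(SAMPLE_KEY));
	close(fd);
	if (n == (ssize_t)strlen(SAMPLE_KEY)) {
		/* The tool now opens its "output", which is really the key. */
		fd = use_excl ? exclusive_open(path) : clobbering_open(path);
		if (fd >= 0)
			close(fd);
		if (stat(path, &st) == 0)
			size = (long)st.st_size;
	}
	unlink(path);
	return size;
}
```

Writing to stdout, as requested above, avoids the question entirely; O_EXCL is the fallback for a tool that has a reason to create its own output file.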


