Date: Mon, 23 May 2011 00:58:24 -0700
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: "SSH private keys cracker" patch for JtR [first cut for GSoC]

On Fri, May 6, 2011 at 12:20 PM, Solar Designer <solar@...nwall.com> wrote:
> I just gave this a try (the john-1.7.7-jumbo-1-ssh-06-OpenMP.diff.gz
> revision, actually).

> It failed to build with OpenSSL 0.9.7m (as we have in Owl 3.0). At
> least some of the build errors looked like they could be avoided with
> little effort.

Fixed. The attached new revision of the patch works fine with OpenSSL
0.9.7m and newer versions.

> "unssh" does not validate its input file format at all. When I ran it
> on a SSH-1 private key, it produced a "$ssh2$" line anyway; then "john"
> printed an OpenSSL error on that. When I ran it on "john" (the program
> binary), it produced a "$ssh2$" line again, which resulted in a segfault
> when loaded into "john". Obviously, there's room for improvement here.

I have added some input keyfile verification code in the new patch. So
this problem should be gone. I will add some more checks to ssh_fmt.c
later on.

> A test SSH-2/RSA key passphrase on an OpenSSH-generated key was cracked
> just fine. The speed reported while cracking was somehow almost twice
> lower than one reported with "--test". I did not investigate what
> causes this. Are the test vectors somehow of a faster to crack type?

My guess is that the type of the input private key [DSA, RSA, bits] is
responsible for the variable speed. Even switching around the order of
test hashes in ssh_fmt.c should give different performance numbers (not
actually tested yet).

...

Thanks Alexander for the review.

--
Cheers,
Dhiru

Download attachment "john-1.7.7-jumbo-1-ssh-08-OpenMP.diff.gz" of type "application/x-gzip" (9645 bytes)
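
The failure described in the message above (an SSH-1 key and a program binary both converted into a "$ssh2$" line) is what a format check before conversion is meant to reject. The C code below is an added example, not code from the attached patch or from JtR; the function and enum names are hypothetical, and it assumes the SSH-1 magic string and the traditional PEM framing of OpenSSH RSA/DSA private keys.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not taken from unssh or ssh_fmt.c. */
enum key_kind { KEY_UNKNOWN, KEY_SSH1, KEY_SSH2_PLAIN, KEY_SSH2_ENCRYPTED };

/* Bounded substring search: file data is not a NUL-terminated string. */
static int contains(const char *buf, size_t len, const char *s)
{
    size_t n = strlen(s), i;
    for (i = 0; i + n <= len; i++)
        if (memcmp(buf + i, s, n) == 0)
            return 1;
    return 0;
}

static int starts_with(const char *buf, size_t len, const char *s)
{
    return len >= strlen(s) && memcmp(buf, s, strlen(s)) == 0;
}

/* Classify the raw contents of a candidate key file before converting it. */
enum key_kind classify_keyfile(const char *buf, size_t len)
{
    int rsa = starts_with(buf, len, "-----BEGIN RSA PRIVATE KEY-----");
    int dsa = starts_with(buf, len, "-----BEGIN DSA PRIVATE KEY-----");
    if (starts_with(buf, len, "SSH PRIVATE KEY FILE FORMAT 1.1\n"))
        return KEY_SSH1;             /* SSH-1 magic string, not an SSH-2 key */
    if (!rsa && !dsa)
        return KEY_UNKNOWN;          /* e.g. a program binary */
    if (!contains(buf, len, rsa ? "-----END RSA PRIVATE KEY-----"
                                : "-----END DSA PRIVATE KEY-----"))
        return KEY_UNKNOWN;          /* truncated: no matching footer */
    /* Passphrase-protected PEM keys carry both of these headers. */
    if (contains(buf, len, "Proc-Type: 4,ENCRYPTED") && contains(buf, len, "DEK-Info: "))
        return KEY_SSH2_ENCRYPTED;
    return KEY_SSH2_PLAIN;
}

/* Constructed samples, not real keys: PEM framing around a dummy body. */
static const char SAMPLE_ENC[] = "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0011223344556677\n\n"
    "AAAA\n-----END RSA PRIVATE KEY-----\n";
static const char SAMPLE_ELF[] = "\x7f" "ELF\x02\x01\x01";

int main(void)
{
    printf("%d %d\n", classify_keyfile(SAMPLE_ENC, sizeof SAMPLE_ENC - 1),
           classify_keyfile(SAMPLE_ELF, sizeof SAMPLE_ELF - 1));
    return 0;
}
```

Only `KEY_SSH2_ENCRYPTED` input has a passphrase to attack; a converter using a check like this would refuse the other three kinds with an error instead of emitting a hash line.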