Date: Mon, 23 May 2011 00:58:24 -0700
From: Dhiru Kholia <>
Subject: Re: "SSH private keys cracker" patch for JtR [first cut
 for GSoC]

On Fri, May 6, 2011 at 12:20 PM, Solar Designer <> wrote:
> I just gave this a try (the john-1.7.7-jumbo-1-ssh-06-OpenMP.diff.gz
> revision, actually).
> It failed to build with OpenSSL 0.9.7m (as we have in Owl 3.0).  At
> least some of the build errors looked like they could be avoided with
> little effort.

Fixed. The attached new revision of the patch works fine with OpenSSL
0.9.7m and newer versions.

> "unssh" does not validate its input file format at all.  When I ran it
> on a SSH-1 private key, it produced a "$ssh2$" line anyway; then "john"
> printed an OpenSSL error on that.  When I ran it on "john" (the program
> binary), it produced a "$ssh2$" line again, which resulted in a segfault
> when loaded into "john".  Obviously, there's room for improvement here.

I have added some input keyfile verification code in the new patch. So
this problem should be gone. I will add some more checks to ssh_fmt.c
later on.

> A test SSH-2/RSA key passphrase on an OpenSSH-generated key was cracked
> just fine.  The speed reported while cracking was somehow almost twice
> lower than one reported with "--test".  I did not investigate what
> causes this.  Are the test vectors somehow of a faster to crack type?

My guess is that the type of the input private key [DSA, RSA, bits] is
responsible for the variable speed. Even switching around the order of
test hashes in ssh_fmt.c should give different performance numbers
(not actually tested yet).


Thanks Alexander for the review.


Download attachment "john-1.7.7-jumbo-1-ssh-08-OpenMP.diff.gz" of type "application/x-gzip" (9645 bytes)
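
The input-validation problem discussed in this message (a converter emitting a "$ssh2$" line for an SSH-1 key or for a program binary) can be avoided by classifying the file before converting it. The following is an added example, not code from the attached patch; the names classify_keyfile, key_kind and SAMPLE_ENCRYPTED are hypothetical, and it assumes the traditional OpenSSH PEM layout for SSH-2 RSA/DSA keys with LF line endings.

```c
#include <stddef.h>
#include <string.h>

enum key_kind { KEY_PEM_ENCRYPTED, KEY_PEM_PLAINTEXT, KEY_SSH1, KEY_INVALID };

/* Constructed sample: encrypted-PEM headers around a dummy base64 body. */
const char SAMPLE_ENCRYPTED[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nQ09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n";

/* Length-bounded search: the input may be binary and contain NUL bytes. */
static const char *find(const char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= len && i <= len - n; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return buf + i;
    return NULL;
}

static int starts_with(const char *buf, size_t len, const char *p)
{
    return len >= strlen(p) && memcmp(buf, p, strlen(p)) == 0;
}

/* Classify a candidate key file before converting it (LF line endings assumed). */
enum key_kind classify_keyfile(const char *buf, size_t len)
{
    static const char *begin[] = { "-----BEGIN RSA PRIVATE KEY-----\n",
                                   "-----BEGIN DSA PRIVATE KEY-----\n" };
    static const char *end[] = { "\n-----END RSA PRIVATE KEY-----",
                                 "\n-----END DSA PRIVATE KEY-----" };
    if (starts_with(buf, len, "SSH PRIVATE KEY FILE FORMAT 1.1\n"))
        return KEY_SSH1;                 /* SSH-1 container, not PEM */
    for (int t = 0; t < 2; t++) {
        size_t bl = strlen(begin[t]);
        if (!starts_with(buf, len, begin[t]))
            continue;
        const char *e = find(buf + bl, len - bl, end[t]);
        if (e == NULL)
            return KEY_INVALID;          /* truncated: no END line */
        size_t inner = (size_t)(e - (buf + bl));
        if (starts_with(buf + bl, inner, "Proc-Type: 4,ENCRYPTED\nDEK-Info: "))
            return KEY_PEM_ENCRYPTED;    /* passphrase-protected */
        return find(buf + bl, inner, "Proc-Type:") ? KEY_INVALID : KEY_PEM_PLAINTEXT;
    }
    return KEY_INVALID;                  /* e.g. an arbitrary program binary */
}
```

Only KEY_PEM_ENCRYPTED input would be passed on to a converter; every other result is a reason to stop with an error message instead of emitting a hash line.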
