Date: Sun, 28 Oct 2012 17:44:37 +0530
From: Dhiru Kholia <>
Subject: Re: ssh_fmt / privkey without using high level OpenSSL functions

On Sun, Oct 28, 2012 at 4:03 PM, Dhiru Kholia <> wrote:
> Hi,
> I tried to re-implement ssh / privkey format without using high level
> OpenSSL functions. However I didn't get a speed-up over JtR's existing
> ssh format :-(. Code is attached. Feel free to re-use it.

Update: after some hacks, it seems that it is possible to get a 4.5X
speedup over the existing code. Attaching the latest code.

However, I am getting some false positives (during actual cracking).

✗ ../run/john -fo:fastssh crackme

Loaded 1 password hash (fast SSH RSA / DSA [32/64])
rdlwny           (rsa.key)
22282576         (rsa.key)
0brlops          (rsa.key)
rith390          (rsa.key)
jbrred!          (rsa.key)
Trcky            (rsa.key)
Bjntb            (rsa.key)
binghase         (rsa.key)
msacis17         (rsa.key)
53472211         (rsa.key)
kj83gE           (rsa.key)
bcep3u           (rsa.key)
ps6o             (rsa.key)

When I put these passwords in a dictionary, they don't work. Even
changing the compiler to clang results in a different set of false
positives. There seems to be a bug in my code but I can't find it.


Can you please take a look?


View attachment "fastssh_fmt_plug.c" of type "text/x-csrc" (11025 bytes)

Download attachment "crackme" of type "application/octet-stream" (2462 bytes)
