Date: Thu, 24 Jan 2013 21:38:58 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Formats ssh and ssh-ng On Thu, Jan 24, 2013 at 8:50 PM, Frank Dittrich <frank_dittrich@...mail.com> wrote: > I think ssh and/or ssh-ng formats need at least some documentation, but > preferably even some code changes. Good point. I can quickly write a "README.ssh" file explaining the usage of and the difference between these two formats. > $ ./sshng2john.py id_rsa > sshng-test > > (BTW: I had to install python-crypto on Fedora 18 to make the script work.) Can you please test the following patch to see if it makes things better? diff --git a/run/sshng2john.py b/run/sshng2john.py index 12a6f60..b08a85e 100755 --- a/run/sshng2john.py +++ b/run/sshng2john.py @@ -31,10 +31,16 @@ from hashlib import md5 as MD5 limited = False + +class Object(object): + pass + try: - from Crypto.Cipher import DES3, AES + from Crypto.Cipher import DES3, AES1 except ImportError: print >> sys.stderr, "PyCrypto is missing in your Python installation, %s is operating is limited features mode!" % sys.argv + AES = Object() + AES.MODE_CBC = "" limited = True @@ -639,7 +645,8 @@ class PKey (object): if 'proc-type' not in headers: # unencryped: done - return data + print >> sys.stderr, "%s has no password!" % f.name + return None # encrypted keyfile: will need a password if headers['proc-type'] != '4,ENCRYPTED': raise SSHException('Unknown private key structure "%s"' % headers['proc-type']) @@ -674,7 +681,7 @@ class PKey (object): return ddata except ValueError: # incorrect password return data - return None + return self.hash # dummy value def chunks(l, n): @@ -717,6 +724,8 @@ class RSADSSKey (PKey): def _from_private_key_file(self, filename, password): data = self._read_private_key_file('RSA', filename, password) + if not data: + return if limited: print self.hash return > Apparently, both formats are able to crack the same input file after > converting it using the right tool. But ssh-ng is much faster. Yes, ssh-ng is fast :-) > Why does ssh-ng have the "False positives possible" flag set? ssh-ng does partial decryption and partial ASN decoding, hence it can have false positives. > If ssh can avoid false positives, ssh-ng should be able to avoid false > positives as well, no? You are right. We can have a 100% solid verification check in ssh-ng format as well (and then remove FMT_NOT_EXACT from ssh-ng format). > This: > $ ls -l ssh*test > -rw-rw-r--. 1 fd fd 2425 Jan 24 15:51 sshng-test > -rw-rw-r--. 1 fd fd 3505 Jan 24 15:51 ssh-test > doesn't look like ssh2john is extracting less information from the > keyfile than sshng2john is. > So, shouldn't ssh-ng be able to "understand" and convert $ssh2$ hashes? > What about ssh understanding the $sshng$ hashes? IMO, we only care about ssh-ng being able to "understand" old-style $ssh2$ hashes. Yes, this is possible and at some point I might have promised Solar to implement such a feature ;) > Why do we even need two different tags? > Why different format names? ssh format is well tested and been proven to work whereas ssh-ng is highly experimental (but faster). So both formats currently co-exist. > Can't ssh-ng report "SSH RSA / DSA" instead of "ssh-ng SSH RSA / DSA"? > This would allow to pick the fastest of several benchmarks for > performance comparison in relbench. > (Of course, the format name should only be changed if both formats > understand the same canonical hash representation and if ssh-ng doesn't > produce false positives.) ssh-ng *might* produce false positives (but it hasn't so far!) and making ssh-ng understand old-style hashes requires more work (i.e. patches welcome). Hence, for now, it is better to treat them as separate formats. > What am I missing here? I hope that I have answered your questions. Thanks for the feedback. -- Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.