Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 11 Apr 2017 10:39:42 +0200
From: Albert Veli <albert.veli@...il.com>
To: john-dev@...ts.openwall.com
Subject: PEM pass phrases

Hi!

I tried to generate some .pem files and crack the pass phrase with john.
The first one worked great using sshng2john.py
(pass phrase is albert):

ssh-keygen -t rsa

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D5D108D84C79EA0915DA88B1261D1C23

DgGA4+fzXE6OFQAYCuzE5K5+AQv5Tccxo0bYV/a+i9MWKhohXredASO6O2Kew5tE
EIftrg0gD/hveSoDMIV0/TukgSQTryhYNAzibEVXPJ1/8XDg9xChM0QOiz9IUejK
7q5CEUdbu2Ev7OopfRBHmrvYbXG2CGan0GEECu5+qnm9GtaXcqlMEu+SH7oDrFHZ
QHsUBmzovjtlVr9pNmGnwdicQxxsNhxUuxSIB3Qqyo7ds6ALH1XglKw+doHrq3Ct
3cjhb8YScE5eCcKKXoe5nLdbn+h9Z2RY/oMs2yRJYkPAtMTcQz5E85pIzImV9Clu
M+z1baFUpE00JqTuZgAsTM0f7dgpy43lHl60M95tsDwmYgeMS1FK/LLUP7CLmjVq
dYXL7uMJoX8cOyNIs3lHEVxIJHVg7IwE6hoUBikmHXjSQHe50WpO8foWHXNu4L3i
UIS67boqAxK7hQB7na6Sj6IaRS9UCDFDfCvCsKIjiKaR1wNrxmo3UVM1JtrWQdg6
u0ZqMuy2SfwJaKVLmP4l+GPlBNDFsYaYmrEph81OvEo7HbPgdVpymWhlfaKeCa5j
0lW95Al5nMrsr4TmsQmfKdE1iyoGrGk1xsLp9zBjazVJE6lM0wSIt+Xi56XwuT0s
mBQSwULfqF48c4DJgI/l8GnCm50vHUV4V66nc0yzXKlWRZYKi8i/YAkLxoJgBgBM
8Ob8kd55IO6UT/Oj1H/tTZIyPnH3o/s1hLg29+eP52eyckY+DaEJ37lkxftTkxPV
3WCPruPnWaQmTm+fEqbXa2ctngEXayCZiB+FweYhLW3tq/6mjKa6b6i90vxz9Jt1
vT2P+SKZX2e7Qjn8E9HqONMpXtrH0tauxvoKMrawWe13oNI083oG2TeMhAsqGIUb
1NZc/jGO4rqTUwmrCcuRL+Np8xx5Dm5YoMuBZisp8VuR2wlGgRW8uwvY9gykGelA
y0nX4/2lrhUxBV6xjKQv1j06b96oNDJYl4Hb+1RaXkMH9cngkcnY9IQzYyZwYeas
O5JiL+90FynSD3RzRqrTtzv0nnWxMubVwd1zQGt7dI5wMzFVmsRILhfWJLiIhB6+
jRtdsMEGIbUVYpLApNaWBSSlR7vy3nKFQPWV+QhfAOxXN65INLApln9k+yY6hVcE
RdBZ4ldVHHSpMRhBYa/cclHPQkBq3cAKmsFJdKuG5PPm1CvsWdXU1z3ltupXUGdg
DisJL0CVCp3fG0SQh0xzvp7FfFrtiRNNs5KtTxNqdsUchAETN+jE6uFLaheTqUGl
OwQOjAoQywT+vaO3w7xUHIaRBzvbTeTtwuP8BNpORJ8gHm8OUGPCrUH5mL9//Ylw
Dew+Biyy2JZGyXqBgAfX9o0UD2lwNsKi0krhZ1gAMeWsOzuKIt7+IfaEtOKReQVL
8D4i6UDbddydzuog7WHMZblJbrEndUprdl0AcEfbRTxDFUZIF66ThwLG2Wt0ZndG
E8xqmhw6nd42busPwdxDCWIX612BPSXuBVz/shRaX73/M5d1+o2Yk8WSAcC8JmrG
kce9UUzHFp9KxcSzTbkNBfCmby2UetysK9BPPTZoE/p5HMpdgG4blodtLZY48pwl
-----END RSA PRIVATE KEY-----

But the second one didn't work:

openssl genrsa -des3 -out albertdes.key 1024 (same passphrase)

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F1621D1A561534C3

qxkl7AAmdURduYnyWRpb96MagOEBMbbuuyC8LStw4qIfQxv8cCKPOHO04LuQIVah
z4KdUPoJvANdXd8E8qQD9P17/jK1IZ1sdN1ZTQur0H4oB1vk7vbwFdHOW+kfzYGl
X4hthnmV1HGb2OCJDo/kyKvBcdJyRC4caAWynhy5lqKyzT6C5w3wJw2Y2IyM0yoR
ZOvm4TkOZM4VzBZgVCgWGaElv0d2x0M89lOofUDTrmtJTVNsLSl05pfTS4llI52X
bp4dij8VA8e7brrNj4UvZbluWOWigEEep3N7oUEOwnNyKxs7kcg+ukw6DBh7472w
XT/pvlXPveUBrcj/b/JX7L1O/OuNjnqFmvQRVls/P7D8PZ3wVqJlg27BiyNPe2lW
pCAq515e0okNM+mrs1V2PMVkOFCaGZxP4+SOEvo/bMLlX487E0ui3sh7TTfWIJu/
hIJtdMrA2Wz0MDZUw2R27cOPdQ1NfQpJWqxfbsj/xvzOtIKYW4Fjb7ZvBVAtAMAO
Xos5oXr+RvrxisWQy0/VnPiLYiCTeMR750uQKVa1Vb3quhT0R6iw5FIuptD0kgRf
OxSknD19n2zT+Hgssfzjus1X5x6RhyalFKOaR0ZhxpiXlqn6sdj2zGhLSWPO2Zgq
Ae5Q4HaTffzMSh0AhwsjjzD8T6JY3Wpi08enm7nyOwviUmG/IiaBhZBY/FZmDVkS
TRFNdSjpi4wuuNRlUUiUpnlrB/JEu4M0u0pEAkXVqUKgX9QBY0y8bzLuIjtOxJRG
/Q/Csw7QUySDe6iiQVwjvE/FJu4VdmxqKQR7pbsF84oSIWDtkcdprg==
-----END RSA PRIVATE KEY-----

Both pem-files generated output from sshng2john.py

16
albert.key:$sshng$1$16$D5D108D84C79EA09 ...

and

24
albertdes.key:$sshng$0$8$0E4145493DA90ABE$1192$e ...

but only the first one was cracked by john (
https://github.com/magnumripper/JohnTheRipper.git bleeding-jumbo branch).

Did I do something wrong or is it some mode that is not implemented yet?


Regards,

Albert

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.