Date: Sun, 18 Oct 2015 15:02:51 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: encrypted PEM file cracking

Hi,

There are now two PEM file crackers, by Robert Graham:

https://github.com/robertdavidgraham/pemcrack

and by Brian Wallace:

https://github.com/bwall/pemcracker

Both were recently written.  This suggests that few people were aware
that JtR -jumbo already had this functionality.

I've just tested, and bleeding-jumbo's ssh2john along with john crack
the test.pem file included with pemcracker just fine.

Maybe we need to advertise this somehow.  Maybe create a pem2john as a
symlink to ssh2john, and mention PEM in ssh_fmt_plug.c's FORMAT_NAME?

As to speeds, JtR's SSH format runs (at least on this test.pem) much
faster for me with --fork=32 (on 32 logical CPUs) than with OpenMP,
giving about 3500 c/s cumulative speed for fork vs. 955 c/s for OpenMP:

31 0g 0:00:00:28 DONE (2015-10-18 14:46) 0g/s 109.6p/s 109.6c/s 109.6C/s br0535..amelsis
komodia          (test.pem)
1 1g 0:00:00:28 DONE (2015-10-18 14:46) 0.03501g/s 109.4p/s 109.4c/s 109.4C/s br0507..komodia

komodia          (test.pem)
1g 0:00:01:44 DONE (2015-10-18 14:49) 0.009550g/s 955.0p/s 955.0c/s 955.0C/s br0507..komodia

And here's pemcracker:

[solar@...er pemcracker]$ time ./pemcracker test.pem w
Password is komodia for test.pem


real    1m39.126s
user    51m6.696s
sys     0m0.028s

This is slightly faster than JtR's OpenMP, but way slower than JtR's
--fork.  There could be lock contention inside OpenSSL, although this
process did consume 31 logical CPUs on average.  This system has
openssl-1.0.1e-30.el6_6.11.  (Perhaps many times higher speeds are
possible with custom code instead of using OpenSSL's.)

In all of these tests, I am using a wordlist file with 100k wrong
passwords followed by the correct password.  test.dict included with
pemcracker cracks the password too quickly to be used for benchmarking.

Alexander
