Date: Wed, 6 Jun 2018 16:45:51 +0100
From: Alexandre Badalo <>
Subject: Re: Brute force Easy-RSA CA key with JTR?

Nice, pem2john seems to work (at least JTR recognizes it ;) ), now let's
see if I can get mask attack (not sure what it is called in JTR) to work ;)

On 06-06-2018 07:03, magnum wrote:
> On 2018-06-05 23:46, Alexandre Badalo wrote:
>> This does not seem that promising :/
>> Out of the box I can't get the script to work. I also tried to change
>> encrypted to RSA (to match the first "tag" case) and even removing the
>> headers; none yielded a good result.
>> The tag on my priv key is "-----BEGIN ENCRYPTED PRIVATE KEY-----"
> We also have a PEM format, and, try them instead!
> magnum
>> On 05-06-2018 17:47, Solar Designer wrote:
>>> On Tue, Jun 05, 2018 at 04:49:56PM +0100, Alexandre Badalo wrote:
>>>> Can JTR brute force Easy-RSA generated CA private passphrase? I forgot
>>>> the passphrase for my CA but I *think* I remember some pattern that
>>>> might be in the passphrase, which should reduce the brute force time
>>>> a lot
>>> I don't have a reliable answer, but FWIW the support for cracking some
>>> SSH key formats that we have in JtR -jumbo is known to also work for
>>> OpenSSL private keys in general.  I suspect it might work for their CA
>>> private keys as well.  I didn't know what Easy-RSA was, but upon a quick
>>> look at it appears to be a wrapper around OpenSSL, so it is possible that
>>> our SSH key cracking support will just work for you as well.
>>> So please try in the run/ directory against your CA private
>>> key.  If it produces reasonably looking output, then try running john
>>> itself against that.  Do all of this using latest revisions of our code
>>> from the bleeding-jumbo branch on GitHub.  Let us know of your results.
>>> Perhaps we need to improve the naming and/or documentation for
>>> and the corresponding JtR format to account for such uses.
>>>> This is my first mail to a mailing list, I hope that this is the way to
>>>> use it, if not, sorry :D
>>> Your use so far looks good to me.
>>> Thanks,
>>> Alexander
