Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20151018120251.GA4520@openwall.com>
Date: Sun, 18 Oct 2015 15:02:51 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: encrypted PEM file cracking

Hi,

There are now two PEM file crackers, by Robert Graham:

https://github.com/robertdavidgraham/pemcrack

and by Brian Wallace:

https://github.com/bwall/pemcracker

Both were recently written.  This suggests that few people were aware
that JtR -jumbo already had this functionality.

I've just tested, and bleeding-jumbo's ssh2john along with john crack
the test.pem file included with pemcracker just fine.

Maybe we need to advertise this somehow.  Maybe create a pem2john as
symlink to ssh2john, and mention PEM in ssh_fmt_plug.c's FORMAT_NAME?

As to speeds, JtR's SSH format runs (at least on this test.pem) much
faster for me with --fork=32 (on 32 logical CPUs) than with OpenMP,
giving about 3500 c/s cumulative speed for fork vs. 955 c/s for OpenMP:

31 0g 0:00:00:28 DONE (2015-10-18 14:46) 0g/s 109.6p/s 109.6c/s 109.6C/s br0535..amelsis
komodia          (test.pem)
1 1g 0:00:00:28 DONE (2015-10-18 14:46) 0.03501g/s 109.4p/s 109.4c/s 109.4C/s br0507..komodia

komodia          (test.pem)
1g 0:00:01:44 DONE (2015-10-18 14:49) 0.009550g/s 955.0p/s 955.0c/s 955.0C/s br0507..komodia

And here's pemcracker:

[solar@...er pemcracker]$ time ./pemcracker test.pem w
Password is komodia for test.pem


real    1m39.126s
user    51m6.696s
sys     0m0.028s

This is slightly faster than JtR's OpenMP, but way slower than JtR's
--fork.  There could be lock contention inside OpenSSL, although this
process did consume 31 logical CPUs on average.  This system has
openssl-1.0.1e-30.el6_6.11.  (Perhaps many times higher speeds are
possible with custom code instead of using OpenSSL's.)

In all of these tests, I am using a wordlist file with 100k wrong
passwords followed by the correct password.  test.dict included with
pemcracker cracks the password too quickly to be used for benchmarking.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.