Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANO7a6wHQYOTtgOLzEf5DY-Me_FZeTubq7Sb3mvHpL=df7n3GA@mail.gmail.com>
Date: Sat, 7 Apr 2012 17:32:12 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Mac OS X keychains and FileVault (was: GSoC non-hash
 office documents)

On Sun, Apr 1, 2012 at 11:34 AM, Solar Designer <solar@...nwall.com> wrote:
> http://www.ucc.asn.au/~matt/src/ - extractkeychain-0.1.tar.gz

Does this work with current version of OS X key-chains?  If yes, this
will be the most promising option for developing a JtR plug-in.

> http://www.georgestarcher.com/?page_id=256 - crowbarDMG, crowbarKC

It looks like this tool too uses OS X internal calls (people have
complained about its speed).

> There's also my own tiny keychain cracker that runs on Mac only and uses
> SecKeychainUnlock() to test various passwords (about 200 c/s at 2.0 GHz,
> does not scale beyond 1 CPU core because of locking in the system).
> I did not release it.  I also have some related notes.  I can share this
> stuff with whoever works on implementing this for JtR.

I also found a new tool : osx-keychain-brute
(http://mirror.transact.net.au/pub/sourceforge/p/project/po/potaru-pentest/,
no sources though). Looks like it calls SecKeychainUnlock function.
Claimed speed is 500 k/s.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.