Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <556B74A4.4000403@gmail.com>
Date: Sun, 31 May 2015 22:52:52 +0200
From: Nicolas RUFF <nicolas.ruff@...il.com>
To: john-users@...ts.openwall.com
CC: dhiru@...nwall.com
Subject: Bugs in sshng2john.py

Hello,

There is a bug in sshng2john.py around here:
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/sshng2john.py#L684

There is no 'salt' variable in scope, so the next call to
generate_key_bytes(MD5, salt, password, keysize) will fail.

This bug will manifest itself only if 'limited' == False, which can
occur if DES3 and AES are properly imported from Crypto.Cipher:

https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/sshng2john.py#L45
try:
    from Crypto.Cipher import DES3, AES
except ImportError:
    AES = Object()
    AES.MODE_CBC = ""
    DES3 = Object()
    DES3.MODE_CBC = ""
    limited = True

'salt' was originally defined as such:
https://github.com/magnumripper/JohnTheRipper/commit/4b28fd74311a652ffed67e04b47711dfee65d022#diff-df731070c411340e7a6346a93ad8c5b6R658

It disappeared with the following commit, that added support for ed25519
keys:
https://github.com/magnumripper/JohnTheRipper/commit/da8f1dfcc35e41c52ff28428e9ffd6f65e34eafd

Forcing 'limited' to True is a (tested) workaround.

However restoring the original 'salt = unhexlify(saltstr)' statement
does not work either, as the following error would be triggered in
cipher.new() afterwards:
(...)
  File "./sshng2john.py", line 689, in _read_private_key
    data = cipher.new(key, mode, salt).decrypt(data)
  File "/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py",
line 295, in decrypt
    return self._cipher.decrypt(ciphertext)
ValueError: Input strings must be a multiple of 16 in length

Sorry for not being more specific ; I am not quite sure to understand
what this code is supposed to do, since it works perfectly well with
'limited' == True :)

Regards,
- Nicolas RUFF

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.