Message-ID: <556B74A4.4000403@gmail.com>
Date: Sun, 31 May 2015 22:52:52 +0200
From: Nicolas RUFF <nicolas.ruff@...il.com>
To: john-users@...ts.openwall.com
CC: dhiru@...nwall.com
Subject: Bugs in sshng2john.py

Hello,

There is a bug in sshng2john.py around here:
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/sshng2john.py#L684

There is no 'salt' variable in scope, so the next call to
generate_key_bytes(MD5, salt, password, keysize) will fail.

This bug will manifest itself only if 'limited' == False, which can
occur if DES3 and AES are properly imported from Crypto.Cipher:
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/sshng2john.py#L45

    try:
        from Crypto.Cipher import DES3, AES
    except ImportError:
        AES = Object()
        AES.MODE_CBC = ""
        DES3 = Object()
        DES3.MODE_CBC = ""
        limited = True

'salt' was originally defined as such:
https://github.com/magnumripper/JohnTheRipper/commit/4b28fd74311a652ffed67e04b47711dfee65d022#diff-df731070c411340e7a6346a93ad8c5b6R658

It disappeared with the following commit, which added support for
ed25519 keys:
https://github.com/magnumripper/JohnTheRipper/commit/da8f1dfcc35e41c52ff28428e9ffd6f65e34eafd

Forcing 'limited' to True is a (tested) workaround.

However, restoring the original 'salt = unhexlify(saltstr)' statement
does not work either, as the following error would be triggered in
cipher.new() afterwards:

    (...)
      File "./sshng2john.py", line 689, in _read_private_key
        data = cipher.new(key, mode, salt).decrypt(data)
      File "/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py", line 295, in decrypt
        return self._cipher.decrypt(ciphertext)
    ValueError: Input strings must be a multiple of 16 in length

Sorry for not being more specific; I am not quite sure I understand
what this code is supposed to do, since it works perfectly well with
'limited' == True :)

Regards,
- Nicolas RUFF
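The code path discussed in the message above, as an added example that is not part of the original post and is not code from sshng2john.py. It assumes the script follows the legacy OpenSSL/paramiko-style PEM scheme, where the hex field of the DEK-Info header is both the IV and (first 8 bytes) the salt for an MD5-based key derivation, and it checks block alignment before any decrypt call, which is the condition behind the quoted ValueError. parse_pem, prepare, CIPHERS and SAMPLE_PEM are hypothetical names, and the sample key file is constructed.

```python
import base64
import hashlib
from binascii import unhexlify

# Constructed sample: header values and body are made up for this example.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=
-----END RSA PRIVATE KEY-----
"""

# cipher name -> (key size, block size) in bytes
CIPHERS = {"AES-128-CBC": (16, 16), "DES-EDE3-CBC": (24, 8)}

def parse_pem(text):
    """Return (cipher_name, salt, ciphertext) from a legacy encrypted PEM key."""
    lines = text.strip().splitlines()[1:-1]
    headers, body_start = {}, 0
    for i, line in enumerate(lines):
        if not line.strip():          # blank line separates headers from body
            body_start = i + 1
            break
        name, _, value = line.partition(": ")
        headers[name] = value
    name, saltstr = headers["DEK-Info"].split(",")
    data = base64.b64decode("".join(lines[body_start:]))
    return name, unhexlify(saltstr), data

def generate_key_bytes(hash_alg, salt, password, nbytes):
    """Assumed derivation: D1 = H(pw + salt[:8]), Dn = H(Dn-1 + pw + salt[:8])."""
    keydata, digest, salt = b"", b"", salt[:8]
    while len(keydata) < nbytes:
        digest = hash_alg(digest + password + salt).digest()
        keydata += digest
    return keydata[:nbytes]

def prepare(text, password):
    """Derive the key and verify the ciphertext is block-aligned before decrypting."""
    name, salt, data = parse_pem(text)
    keysize, blocksize = CIPHERS[name]
    if len(data) % blocksize:
        raise ValueError("ciphertext length %d is not a multiple of %d"
                         % (len(data), blocksize))
    return generate_key_bytes(hashlib.md5, salt, password, keysize), salt, data
```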