[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-user
Subject:    Re: Cracking SSL passwords for fun and profit
From:       "Richard Hartmann" <richih.mailinglist () gmail ! com>
Date:       2008-11-27 7:58:02
Message-ID: 2d460de70811262358q1eddea82r96986c66f0247828 () mail ! gmail ! com
[Download RAW message or body]

On Thu, Nov 27, 2008 at 01:27, Douglas A. Tutty <dtutty@vianet.ca> wrote:

> Do you know what keyspace you used for your password?  i.e. how many
> (roughly) characters, were they letters, numbers, punctuation, etc?

I do remember I chose a lowsec one. I.e. it should be [a-zA-Z0-9]{6-8}


> Use your scripting language of choice (e.g. python), create a nested
> loop that generates, in a logical manner, the set of passwords in which
> the correct password will be found.  Have this script able to save to a
> file the current loop variables, and load them on startup if given the
> file name as a parameter.

Afaik, there is no easy way to feed a password into SSH. Same as
OpenSSL, it was designed _not_ to accept passwords from the
command line. For example, both will clear STDIN before prompting
for a password.
That being said, it should be doable with expect.


> If you were smart when you did your password, it will take a very long
> time.  My guess will be that its the ssh iteration that will soak up
> time, and the use of a scripting language (as opposed to compiled e.g.
> fortran, C, or Ada) will not slow it down.

True. I do not really expect to get a result, either. As I said, it's a project
for fun. I would still prefer a pre-built script as I am rather busy atm
and I would hate myself if I wrote a script and ran it for a month only to
find out that I made a mistake, somewhere ;)


Richard


-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[prev in list] [next in list] [prev in thread] [next in thread]