-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings!
I'm working on a proof-of-concept SSH key cracker: my code reads in password guesses from standard input and for each guess, calls PEM_read_PrivateKey. If that returns a valid pointer, that indicates that the password was correct. (I think I'm right so far.) This works just fine IF the first call to PEM_read_PrivateKey is with the correct password, but if it isn't, any subsequent calls fail, even if the correct password is given. Any advice would be greatly appreciated! If this isn't the right place to ask this, or if my project is inappropriate discussion material, I sincerely apologise. Thank you, Aubrey Eddleson For reference, my code: - -- ssh-crack.c -- #include <openssl/ssl.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/pem.h> #include <stdio.h> #include <string.h> #define BUFSIZE 64 int main(int argc, char **argv) { FILE *f; EVP_PKEY *pk; char *p; char *pass; pass = malloc(sizeof(char) * BUFSIZE); if (! pass) { fprintf(stderr, "malloc error!\n"); return 2; } f = fopen(argv[1], "r"); if (f == NULL) { fprintf(stderr, "Couldn't open '%s'!\n", argv[1]); return 2; } SSL_library_init(); for (;;) { if (fgets(pass, BUFSIZE, stdin) == NULL) { fprintf(stderr, "End of wordlist!\n"); return 1; } p = strchr(pass, '\n'); if (p) *p = '\0'; fprintf(stderr, "Trying key '%s'.\n", pass); pk = PEM_read_PrivateKey(f, NULL, NULL, (char *) pass); if (pk) { printf("Key is '%s'.\n", pass); break; } } return 0; } -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iEYEARECAAYFAkkbKJ8ACgkQhOVIaXo9kJvmwgCfUV6tnLnfaH5S+/ytsVsUoKKq k4IAn1IKMvLdmvicQrMnPMc4v0umGPau =zNaC -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]