-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings!
I'm working on a proof-of-concept SSH key cracker: my code reads in password
guesses from standard input and for each guess, calls PEM_read_PrivateKey. If
that returns a valid pointer, that indicates that the password was correct. (I
think I'm right so far.) This works just fine IF the first call to
PEM_read_PrivateKey is with the correct password, but if it isn't, any
subsequent calls fail, even if the correct password is given.
Any advice would be greatly appreciated! If this isn't the right place to ask
this, or if my project is inappropriate discussion material, I sincerely
apologise.
Thank you,
Aubrey Eddleson
For reference, my code:
- -- ssh-crack.c --
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <stdio.h>
#include <string.h>
#define BUFSIZE 64
int main(int argc, char **argv)
{
FILE *f;
EVP_PKEY *pk;
char *p;
char *pass;
pass = malloc(sizeof(char) * BUFSIZE);
if (! pass) {
fprintf(stderr, "malloc error!\n");
return 2;
}
f = fopen(argv[1], "r");
if (f == NULL) {
fprintf(stderr, "Couldn't open '%s'!\n", argv[1]);
return 2;
}
SSL_library_init();
for (;;) {
if (fgets(pass, BUFSIZE, stdin) == NULL) {
fprintf(stderr, "End of wordlist!\n");
return 1;
}
p = strchr(pass, '\n');
if (p)
*p = '\0';
fprintf(stderr, "Trying key '%s'.\n", pass);
pk = PEM_read_PrivateKey(f, NULL, NULL, (char *) pass);
if (pk) {
printf("Key is '%s'.\n", pass);
break;
}
}
return 0;
}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iEYEARECAAYFAkkbKJ8ACgkQhOVIaXo9kJvmwgCfUV6tnLnfaH5S+/ytsVsUoKKq
k4IAn1IKMvLdmvicQrMnPMc4v0umGPau
=zNaC
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
