This shows you the differences between two versions of the page.
|
non_hashes_work [2011/04/12 02:25] dhiru |
non_hashes_work [2011/04/12 03:08] (current) dhiru |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | == Notes == | + | delete this page. |
| - | + | ||
| - | 1. Read the manual pages! | + | |
| - | + | ||
| - | == How to trace and understand existing code == | + | |
| - | + | ||
| - | 1. Build debug versions of the package | + | |
| - | + | ||
| - | [[https://wiki.archlinux.org/index.php/Debug_-_Getting_Traces]] | + | |
| - | + | ||
| - | NOTE: At times, Makefiles and configure scripts need to be passed the debug flag. | + | |
| - | + | ||
| - | 2. Run the program under Valgrind’s callgrind tool | + | |
| - | + | ||
| - | valgrind --tool=callgrind openssl dsa -in test.key | + | |
| - | + | ||
| - | 3. Use KCachegrind for profile data visualization | + | |
| - | + | ||
| - | **Attacking SSH keys** | + | |
| - | + | ||
| - | 1. Generate test keys | + | |
| - | + | ||
| - | ssh-keygen -t dsa -f test.key | + | |
| - | openssl dsa -in test.key | + | |
| - | + | ||
| - | 2. Use KCachegrind for profile data visualization | + | |
| - | + | ||
| - | [[http://dl.dropbox.com/u/1522424/Callgrind-OpenSSL-DSA-decrypt-path.png]] | + | |
| - | + | ||
| - | **Understanding OpenSSL for cracking SSH private keys** | + | |
| - | + | ||
| - | See test folder from OpenSSL source distribution.\\ | + | |
| - | See demos/maurice folder from OpenSSL source distribution.\\ | + | |
| - | See crypto/pem/pem_all.c for usage of PEM_read_bio_PrivateKey() function.\\ | + | |
| - | Defined in crypto/pem/pem_pkey.c:EVP_PKEY *PEM_read_bio_PrivateKey()\\ | + | |
| - | Also see PEM_read_PrivateKey()\\ | + | |
| - | **Note**: All these functions are high level and seem unsuitable for brute forcing.\\ | + | |
| - | + | ||
| - | Callback Function: [[http://www.openssl.org/docs/crypto/pem.html]]\\ | + | |
| - | [[http://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html]]\\ | + | |
| - | [[http://www.openssl.org/docs/crypto/bio.html]]\\ | + | |
| - | [[http://www.openssl.org/docs/crypto/BIO_s_file.html]]\\ | + | |
| - | [[http://www.openssl.org/docs/crypto/pem.html]]\\ | + | |
| - | [[http://www.openssl.org/docs/crypto/pem.html#PEM_ENCRYPTION_FORMAT]]\\ | + | |
| - | [[http://www.openssl.org/docs/apps/rsa.html]]\\ | + | |
| - | [[http://www.openssl.org/docs/crypto/pem.html]]\\ | + | |
| - | [[http://www.jensign.com/opensslkey/]]\\ | + | |
| - | + | ||
| - | RFC 1421, RFC 1423 | + | |
| - | + | ||
| - | openssl pkey | + | |
| - | openssl pem | + | |
| - | + | ||
| - | **Attacking TrueCrypt Volumes** | + | |
| - | + | ||
| - | openssl speed -evp aes-256-cbc | + | |
| - | + | ||
| - | [[http://keepass.info/help/base/security.html]] | + | |
| - | + | ||
| - | + | ||
| - | **Attacking FileVault** | + | |
| - | + | ||
| - | [[http://crypto.nsa.org/vilefault/]] | + | |
| - | + | ||
| - | RAR (AES 128), ZIP, 7-Zip, PDF, M$ Office, TrueCrypt Volumes, | + | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||