WDef
Group: Members
Posts: 798
Joined: Sep. 2005 |
 |
Posted: Jan. 13 2008,15:24 |
 |
I have my doubts about this being a practical test for hardness at least in this particular universe and not for a passphrase built from words - nonetheless, this should work in principle with those Finnish chars in the set.
Here I'm testing it on a blowfish encrypted file 'encryptedfile' with a simple 2-char passphrase "at", which it brute force cracked in about 1 second.
Change the openssl command string to suit your rsa key cracking issue.
| Code Sample |
#!/usr/bin/perl
# curagacrack.pl
my $n = 30; # max len of passphrase
my @set = ( "ä", "ö", "a" .."z" ); # ranges and lists to permute
my $result;
sub create_perm($$){
my($cur,$max)=@_;
if($cur>=$max){
# print "$result\n";
setpgrp (0,0);
system("echo $result | 2>/dev/null /opt/tor/local/bin/openssl bf -pass stdin -d -in encryptefile -out out.txt && file -b out.txt | grep -q '^ASCII text' && echo -n 'Found passphrase: ' && echo $result && kill 0");
return;
}
for(@set){
substr($result,$cur,1)=$_;
create_perm($cur+1,$max);
}
}
for ($j=1;$j<=$n;$j++){
create_perm(0,$j);
} |
That will run the openssl command on each loop iteration (slow) and exit rudely when it is successful. For a 30 char passphrase this may not be within the lifetime of this universe; you might like to prove the concept on a short passphrase.
I found the permutation code on another board and adapted. There is other code on the perlmonks board which is probably more efficient.
It would be quicker to directly compare against the known password string also.
This doesn't filter out aaa etc. Close the shell to kill it off, I didn't put a signal trap in.
(Revision for me since if I don't so a little Perl every few months it starts to look like Finnish to me ;=) ):
|
.
DSL Market ,
Great VPS hosting provided by Tektonic
