Score:-1

How to hack pass-protected private RSA key

cn flag

I know nothing about cryptography.

I must present a completed ASP project to my university that proves I have learned clingo. I have heard that the task of recovering the plaintext private RSA key given the one encrypted with a password is rather simple, taking about a day on an average PC. So the task seems suitable.

I am looking for papers, tutorials and implementations in other languages, anything that would enable me to complete the task within ~3 months.

SAI Peregrinus avatar
si flag
With a secure passphrase, it'd take millennia even with all the world's computers combined. It'd only take a day if the password was chosen by a moron.
Maarten Bodewes avatar
in flag
I'm not sure that logic programming for hard problems is a good match either. Yes, search, but I'm missing the way you need to logically describe the problem. I mean, I'm kinda doubtful that it will start to build e.g. rainbow tables all by itself, or perform a dictionary attack.
cn flag
@MaartenBodewes I can't imagine even one domain in which logic programming shines. Any idea about a most relevant SE to ask about that?
Maarten Bodewes avatar
in flag
@Vorac [cs.se] maybe, but I'd ask in chat first. You should have had some background on this before. If not, please ask an instructor or professor to give a hint (and hope it isn't [the one I had](https://www.cs.vu.nl/~eliens/))!
Score:0
cn flag
jjj

The encryption of the key has nothing to do with RSA. Cracking it is as hard as cracking any other encrypted stuff using the same encryption algorithm (not RSA, because it would be encrypted symmetrically with something like AES). The best you can do is brute-force the password and hope it is a weak one. No magic here.

cn flag
When brute-forcing, how do I test if I've cracked it or rather need to try another password?
Maarten Bodewes avatar
in flag
Usually RSA private keys are PKCS#1 encoded using a language to describe data structures (ASN.1) and its binary encoding (DER). Check out if you can find the structure, then you can be pretty certain you guessed the password / key correctly.
dave_thompson_085 avatar
cn flag
@MaartenBodewes+ PKCS8 and PKCS12 and OpenSSL 'traditional' key files use CBC with PKCS5/7 padding, which gives dead-simple detection of _most_ wrong guesses. PGP also has some redundancy that allows checking for wrong decrypt. OpenSSH new format does not have redundancy in the encryption, but does in its key format which is not PKCS1 or any other ASN.1.
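The two checks described in the comments above (PKCS#5/7 padding after CBC decryption, then the PKCS#1 ASN.1/DER structure), shown as an added Python example that is not part of the original thread. It works on an already-decrypted buffer; the function names and the constructed toy sample are assumptions made for illustration.

```python
def unpad_pkcs7(buf: bytes, block: int = 16):
    """Strip PKCS#7 padding; return None when the padding is malformed."""
    if not buf or len(buf) % block:
        return None
    n = buf[-1]
    if not 1 <= n <= block or buf[-n:] != bytes([n]) * n:
        return None
    return buf[:-n]

def read_tlv(data: bytes, pos: int):
    """Parse one DER TLV at pos; return (tag, value_start, value_end) or None."""
    if pos + 2 > len(data):
        return None
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next k bytes hold the length
        k = first & 0x7F
        if k == 0 or k > 4 or pos + k > len(data):
            return None
        length = int.from_bytes(data[pos:pos + k], "big")
        pos += k
    return (tag, pos, pos + length) if pos + length <= len(data) else None

def looks_like_pkcs1_rsa_key(plain: bytes) -> bool:
    """True if plain is exactly one SEQUENCE of 9 INTEGERs with version 0."""
    outer = read_tlv(plain, 0)
    if outer is None or outer[0] != 0x30 or outer[2] != len(plain):
        return False
    pos, end, ints = outer[1], outer[2], []
    while pos < end:
        tlv = read_tlv(plain, pos)
        if tlv is None or tlv[0] != 0x02:
            return False
        ints.append(plain[tlv[1]:tlv[2]])
        pos = tlv[2]
    return len(ints) == 9 and ints[0] == b"\x00"

def plausible_decrypt(buf: bytes) -> bool:
    """Both checks from the comments: CBC padding first, then key structure."""
    plain = unpad_pkcs7(buf)
    return plain is not None and looks_like_pkcs1_rsa_key(plain)

# Constructed toy values (textbook primes 61 and 53), not a real key.
SAMPLE_PADDED = bytes.fromhex("301d" "020100" "02020ca1" "020111" "02020ac1"
                              "02013d" "020135" "020135" "020131" "020126" "01")
# Valid padding byte but no key structure: what a wrong guess can look like.
GARBAGE_PADDED = b"\xaa" * 31 + b"\x01"
```

The padding test alone accepts about 1 in 256 random buffers, which is why the structure check follows it; `GARBAGE_PADDED` passes the first and fails the second.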