OpenSSL AES/Rijndael command-line passwords - help break one and improve the web site!

Submitted by Katy on Tue, 30/09/2008 - 15:31

This article is basically an appeal for your help, but also relates to a problem that many people will find interesting!

The old version of djkaty.com plus alot of other data relevant to many people is currently sitting in a backup encrypted at the shell using OpenSSL with the aes-256-cbc algorithm option. The password was deleted by the server host at the same time they reformatted the server's hard disk almost 2 weeks after the annual account bill was paid.

All I know about the password is that it is 8 or 9 characters and one or two of the letters and numbers that are possibly contained in it. All I know about the encrypted file is that it is a bz2 archive.

I have constructed a console application which runs a brute-force attack against the password. This will be open source and released on the site together with a detailed explanation of how it works and how it has been optimised and the keyspace pruned. It is a very interesting piece of code, but 4 computers are not enough to find the password!

I would like to appeal to anyone who:

  • would like to see all the former content of this site restored
  • is interested in contributing to a project to see how quickly 256-bit AES keys generated by OpenSSL passwords can be reverse-engineered by normal PCs
  • was a listener of our old radio station Deviant Audio and who would like to do one final act of support and get back the data we would need to contact all of the listeners and artists should the station re-launch

If you're interested in helping out, please go to the contact page, choose "AES distributed keysearch" from the subject drop-down and register your interest. The application is not currently designed for a distributed search so I would like to gauge how many people are willing to help out before committing time to developing this further. I'll be looking for 50-100 participants in the first instance so every person counts! You will not have to run your PC 24/7 to participate, and any developments and progress will be regularly reported on the web site.

Many thanks for your support!

Register your interest in cracking OpenSSL AES passwords

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <b> <i> <u> <pre> <sup> <sub> <h2> <h3> <h4>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.

Latest articles