THC Fuzzy Fingerprint
ffp-0.0.8.tar.gz
Last update 2003-10-25
[0x01] Introduction
Welcome to the mini website of the THC Fuzzy Fingerprints project.
Fuzzy fingerprinting (ffp) is a technique that extends common
man-in-the-middle attacks by generating fingerprints that closely
resemble the target's public key fingerprint.
Because fuzzy fingerprinting does not try to collide the
fingerprints, good results can be achieved in reasonable time.
Fairly complete documentation of the background and a sample
session is available in the fuzzy fingerprints article, as
HTML (ffp.html) or PDF (ffp.pdf).
[0x02] The Challenge
THC is running a little "seti@home"-like competition. The challenge
is to generate the best fuzzy fingerprint for our target public
SSH host key. Here is some information on our victim's SSH public
host key.
The victim host: kimble.org
Public SSH key: kimble.org.pub
Public key algorithm: RSA
Public key length: 1024
MD5 key fingerprint: 08:54:5d:27:f8:e9:47:4e:49:8a:87:7e:03:cc:98:73
Download the fuzzy fingerprint release from the link at the top of
this page and join the competition. Compile ffp and launch the
tool against the victim host's fingerprint and key algorithm using
the following setup. (It is essential that you provide all of the
given arguments to ffp so that we are able to compare different
people's fuzzy fingerprints.)
$ ffp -f md5 -k rsa -b 1024 \
-t 08:54:5d:27:f8:e9:47:4e:49:8a:87:7e:03:cc:98:73 \
-s /var/tmp/kimble.org.state
You can stop the process at any point and continue later by just
using the following command-line option.
$ ffp -s /var/tmp/kimble.org.state
[0x03] The Highscore
If you think you have "crunched" a good fuzzy fingerprint, compare
its quality against the fingerprints in the list below. If yours is
better than one of those listed, send an email to
plasmoid@thc.org with the state file attached,
e.g. /var/tmp/kimble.org.state. Please also note whether you
are using a big endian or little endian (e.g. x86) system.
Target: 08:54:5d:27:f8:e9:47:4e:49:8a:87:7e:03:cc:98:73
User         | Best Fuzzy Fingerprint
-------------+------------+-------------------------------------------------+-----------------------------
Kill Switch  | 73.221703% | 08:54:5d:27:a1:5b:82:39:f6:ba:79:df:67:6d:78:73 | ks.state (little endian)
             | Running: 0d 14h 21m 00s | Total: 5035847k hashs | Speed: 97481 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Skyper       | 71.278890% | 08:54:56:2c:28:d6:87:89:5e:02:a6:fd:43:c9:d8:73 | skyper.state (little endian)
             | Running: 109d 15h 00m 00s | Total: 1037873082k hashs | Speed: 109577 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Ruth         | 71.208378% | 08:54:5d:39:d6:20:58:b3:f0:99:39:2d:7d:2c:98:73 | ruth.state (little endian)
             | Running: 63d 16h 26m 00s | Total: 602918929k hashs | Speed: 109575 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Data7        | 70.596880% | 08:54:5d:25:c6:15:03:7a:b6:77:5b:ea:02:25:c8:73 | data7.state (little endian)
             | Running: 4d 08h 39m 00s | Total: 20327928k hashs | Speed: 53957 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
RD           | 70.235077% | 08:54:5d:24:d5:35:3c:48:f3:02:7f:1b:d7:fc:98:7f | rd.state (little endian)
             | Running: 6d 23h 51m 00s | Total: 59437023k hashs | Speed: 98363 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Subbero      | 70.175558% | 08:54:6d:27:96:be:03:93:46:48:67:e2:f4:6c:c8:73 | subbero.state (little endian)
             | Running: 7d 19h 20m 00s | Total: 71883922k hashs | Speed: 106589 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Plasmoid     | 68.813225% | 08:54:52:27:16:e2:37:99:f3:cd:a1:ad:89:a5:98:d3 | pld.state (big endian)
             | Running: 10d 04h 11m 00s | Total: 20354244k hashs | Speed: 23155 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
OutOfBound   | 66.946361% | 08:54:5d:2a:a0:63:0c:b7:66:7d:1e:c4:a4:3c:38:63 | oob.state (little endian)
             | Running: 2d 17h 25m 00s | Total: 15283114k hashs | Speed: 64896 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Septi        | 66.666627% | 08:54:5d:27:fb:c0:2e:32:cd:e2:4f:ad:6d:52:eb:53 | septi.state (little endian)
             | Running: 5d 21h 16m 00s | Total: 657624k hashs | Speed: 1293 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Arundel      | 63.615695% | 08:24:5d:07:eb:57:19:8a:00:f6:41:67:b7:90:98:73 | arundel.state (little endian)
             | Running: 1d 06h 46m 00s | Total: 4926067k hashs | Speed: 44475 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Frelo        | 60.857133% | 08:59:9d:27:57:9c:d6:cd:d5:a5:28:41:40:c7:94:73 | ferlo.state (little endian)
             | Running: 0d 00h 17m 00s | Total: 14330k hashs | Speed: 14049 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Trippz       | 60.617618% | 08:54:5d:ec:34:e7:81:f1:46:df:8a:3c:e5:36:48:75 | trippz.state (little endian)
             | Running: 0d 01h 10m 00s | Total: 56503k hashs | Speed: 13453 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
Pille        | 57.867431% | 08:52:4d:17:2f:e4:32:ae:2a:bf:c6:2a:f3:fa:92:73 | pille.state (little endian)
             | Running: 0d 00h 15m 00s | Total: 95794k hashs | Speed: 106438 hashs/s
-------------+------------+-------------------------------------------------+-----------------------------
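Added example (not part of the THC page or of ffp): a verification-side
check showing why the lookalikes above call for a full 16-byte comparison.
The glance_match model (first two bytes and last byte) is an assumption made
for illustration; it is not ffp's quality metric.

```python
import hmac

# Target fingerprint and three lookalikes, copied from the highscore table.
TARGET = "08:54:5d:27:f8:e9:47:4e:49:8a:87:7e:03:cc:98:73"
LOOKALIKES = {
    "Kill Switch": "08:54:5d:27:a1:5b:82:39:f6:ba:79:df:67:6d:78:73",
    "Skyper": "08:54:56:2c:28:d6:87:89:5e:02:a6:fd:43:c9:d8:73",
    "Ruth": "08:54:5d:39:d6:20:58:b3:f0:99:39:2d:7d:2c:98:73",
}


def parse_fp(text):
    """Parse a colon-separated MD5 fingerprint into 16 raw bytes."""
    parts = text.strip().lower().split(":")
    if len(parts) != 16 or any(len(p) != 2 for p in parts):
        raise ValueError("expected 16 colon-separated hex bytes")
    return bytes(int(p, 16) for p in parts)


def glance_match(a, b, head=2, tail=1):
    """Assumed model of a hurried check: compare only the first `head`
    and the last `tail` bytes."""
    a, b = parse_fp(a), parse_fp(b)
    return a[:head] == b[:head] and a[-tail:] == b[-tail:]


def full_match(a, b):
    """Compare all 16 bytes, in constant time."""
    return hmac.compare_digest(parse_fp(a), parse_fp(b))


def matching_bytes(a, b):
    """Number of byte positions at which the two fingerprints agree."""
    return sum(x == y for x, y in zip(parse_fp(a), parse_fp(b)))


def diff_map(a, b):
    """Show b with '==' at every byte position where it equals a."""
    pairs = zip(parse_fp(a), parse_fp(b))
    return ":".join("==" if x == y else f"{y:02x}" for x, y in pairs)


if __name__ == "__main__":
    for user, fp in LOOKALIKES.items():
        print(f"{user:12} glance={glance_match(TARGET, fp)} "
              f"full={full_match(TARGET, fp)} "
              f"same_bytes={matching_bytes(TARGET, fp)}/16")
        print(f"{'':12} {diff_map(TARGET, fp)}")
```

All three listed fingerprints pass the partial check and fail the full one,
so a host key should be accepted only when every byte of the fingerprint matches.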
Comments and suggestions are welcome.
Yours sincerely,
The Hackers Choice
http://www.thc.org