-1

I'm working with pycrpytodomex lib in python3. Here I'm using a passphrase while generating an RSA key:

from Cryptodome.PublicKey import RSA
def encrypt(pass1):
    key = RSA.generate(2048)
    encrypted_key = key.exportKey(passphrase=pass1, pkcs=8, protection="scryptAndAES128-CBC").decode('utf')
    return encrypted_key

I've put in a 24 char phassphrase, and this is the output:

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFJTBPBgkqhkiG9w0BBQ0wQjAhBgkrBgEEAdpHBAswFAQIpUW82j76E18CAkAA
AgEIAgEBMB0GCWCGSAFlAwQBAgQQKDB2dU0KvLw9KvDq/pkRRgSCBNAru/ZpRI7o
pHIVVXb8iEuQUc+suZXwH9IBTJzzjMAq1iEETWSCzMB1VWz+PBJ8RmUB0qEie0Cf
Kg6/j0tw3dcZ7P48GXjzFvV4e5gaFtGy4khjGSa5/T97n/pi5oZZ7qsnJRktlxdS
1E2nceChpQwLUPdkVkeG5F3iWc2U9Pgh165m5GSg+ai3Dl7YpJEvhA7LQv55a4kZ
HuTjTnoMxakaA4ncYJoQhiZ0cGKZrnBoAWB7tAwVwnNwobTUpIuReeIJYd+B09gl
ZaiTTJQQAyJ60hRz+bQQioT2HBg1nXi+9KzwPw1AMUY0nU9Y8kUMNtjUzbv7Y2Av
2KiVtlFZ4ottihCWX9W85UQ4gQ4o4/ZyT5B4b1VMiUTO7pCaheHfqPokGU9/MzPO
aZCqDL43efebKqdJ6ZJr0aTkJlAGWxHLJrvd87Fh5yvPdkTvZh++0xHcmHigtpDB
Ufe+jJJE9Xr6VpOtecW8KkVhmC3I6MwnwyhNn3vtSRfGWZi/V23DpdwFUXb8gZSe
Qou7GdjMZ5VXalhrqbVmz1RaS4yTPkXhd71hHZHkWF6jQmNfIZaBAGum7FRF8zgz
PmHvb3nbfYAwHz/I/fHOqsFM8N9UvTnHK5JLSfhKosdUtrq3Hotu6iU7EzLgl7qt
k1yfVbKiyMUFOFbU4n8hmOKy7eVpv1UW7Dh4guq/9xd7vBRZC03gSUBhJY1lj45p
vMqeASkwVSENHoHWS+jkuPgq6IrgYsF3VPfUw3hy0xhj9PSZoArikMaifIRjVwwq
Ayltn5yAU0wbAygwrnHG64t9MdFnoy3RvWe43sG7D+6wzrz53tUKqujV1Ve7rSmG
G6HoXNvwKpVCdGaURbgpac+UaDFwSKkcPEReMMEw46HvH6/s1Ufxv/ecQb1ac0dh
DgkiSNUPSAPDOhRxiI/NzGxny50IkIcI8HwigYFZkTZn081kaps9NEV8L/KfzmNn
KnJO9H3018BMR3TAPGsntUunjfTS9bVoUlYCcbSX/Xpz+sGjWJnnF9KdbpUPLTS2
B/YwvPaU6EtoehfavWX5qIA670hiPSwSGlbdT7KVx5cTzDuk5gOQCFGNWoosoPCV
SyeNpS/IUbPpk6s2mvQRoX09XsfzTqYkApByBdErEHWinkSmyrPNRdi/NXBerWW2
EKPQQw6dwO6RkD9sAv9ncoFkW6b3kn7FiUoFEhUUeVi4tfP3YcSiKzcSvNxgdc9x
KuRzfq+HD8DgHxgY4wciJxcErK52/snrV0vvkf6l2IczQV2tw5tDWF476E0iI2cV
7+ycp9crAjfS9nuMUr2RTZV0x9J1jc8pIZyocTfLMPHaqR5P9LmKmDfoy1U29PKu
TiiFagL2Ukon1r1KAIDlfHZP6MfqTWfxyfhfAMzRCDgR4uJAZi+JEeiZg21Y7caI
tBN5A92Ymiw7jIalAdUT7t1JOwF635c/fc8m33JNYQF+v8GCDBRFoPN2YpsT5ZvJ
P2EbcCNJxcqrSrf4SJl+tPkSuJPCQfeyX3MmyI9TEN5BPlCSpsDsO6VzRuDuGkMq
/JwN4VTltFD02Zhl+KotUkEjKsWLzIcIvaMMIh9jEcT+8TvRnWgBbwTpgIw/LDtv
Gv6LSf9906/YcHVI1xJRF2yTTWVFdLF04Q==
-----END ENCRYPTED PRIVATE KEY-----

I am able to validate the passphrase with the encrycpted key string by using this function:

def decrypt(encoded_key,pass1):
    try:
        key = RSA.import_key(encoded_key, passphrase=pass1)
        return True
    except ValueError:
        return False

Supposing one only has the private key and not the passphrase (ie, you). Would it still be possible to derive the passphrase using this private key? Alternative: Would it be possible to construct any passphrase that will return True on the decrypt() function above?

Can you find out what the (or a valid) passphrase is for the above key? What computing power and time did it take?

Nikhil VJ
  • 5,630
  • 7
  • 34
  • 55
  • 1
    I'm fairly sure AES128-CBC (+scrypt) is secure enough that it's not reasonably possibly to crack the private key. Obviously, sharing your private key (even encrypted) is not a good/safe idea, but I don't think anyone can reasonably crack this. – gen_Eric Oct 25 '21 at 17:16
  • 1
    What you are proposing is a known plaintext attack: given the plaintext (the unencrypted private key) and the ciphertext (the encrypted private key) can the AES key be recovered? There are no known AES attacks against this scenario. In addition, there is a second barrier to recovering the password: the scrypt password-based KDF used to map the password into the AES key. Any attacker will go the easy route, namely password guessing. – President James K. Polk Oct 25 '21 at 23:10
  • Thanks for the inputs. So does this mean this method is good for managing passwords for website login systems? – Nikhil VJ Oct 26 '21 at 11:52
  • @NikhilVJ Are you using certificates for your login or passwords? If you are just using passwords then no, this is not what you want, you want to hash the password with something like `bcrypt`. It all depends what you are doing. For just a login on a website, this seems over-complicated when `bcrypt` should be enough there. – gen_Eric Oct 26 '21 at 15:47
  • 1
    @RocketHazmat thanks for bcrypt reference. This link gives a straightforward implementation: https://zetcode.com/python/bcrypt/ I'll consider it. – Nikhil VJ Oct 26 '21 at 17:09

1 Answers1

2

scryptAndAES128-CBC

It is not possible to derive the password from the ciphertext (to our current knowledge)

Can you find out what the (or a valid) passphrase is for the above key

The problem with passwords are people. Reusing passwords, using simple passwords,..

Usually passwords are looked up using dictionaries and combination tools. So the question is how "guessable" or random password is used.

gusto2
  • 11,210
  • 2
  • 17
  • 36
  • Gusto, isn't public key assumed to know, then knowing the private key is like password hashing here (exportKey)? The adversary will try all passwords available plus some range. – kelalaka Oct 25 '21 at 21:13