At that point, I load the file super.txt into a text editor and searched for the string "PRIVATE KEY". Sure enough, it popped right up. It's actually located several times in the memory dump.
I tried the small dictionary john.dict that comes with John-the-Ripper, and it didn't find anything. But of course, I don't need a real dictionary. The password is probably also in the clear in the memory dump. I could just use the file super.txt as my dictionary! I tried this, but it was taking a long time, with 150k unique lines of text. It'd take many hours to complete. To speed things up, I filtered the list for just lower-case words
grep "^[a-z]*$" super.txt | sort | uniq > super.dict
This leaves a dictionary of only 2203 words. I ran my cracking tool, and found the password in 10 seconds, "komodia".
Note that the password "komodia" is suggestive -- that's a company that makes an SSL "redirector" for doing exactly the sort of interception that SuperFish is doing. They market it as security software so you can spy on your kids, and stuff. A description of this component, their "SSL Digester", is here. They market it for "ad injection" here. That site teaches us a lot about what SuperFish can do.
