Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050512045240.GB2194@openwall.com>
Date: Thu, 12 May 2005 08:52:40 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Cc: john-users@...ts.openwall.com
Subject: John the Ripper 1.6.38; contributed patches; john-users list

Hi,

After a long delay (over a year, actually), there's a new development
version of John the Ripper available off the usual location:

	http://www.openwall.com/john/

New with JtR 1.6.38:

* Official PowerPC G4/G5 AltiVec support on Mac OS X and Linux/PPC,
for 128-bit processing of DES-based hashes resulting in huge speedups.

* New make targets for Linux/PPC64 and OpenBSD/x86 with MMX.

* The bitslice DES key setup has been re-arranged for greater
parallelism achieving significant speedups at LM hashes on most modern
systems.  This change also made cracking DES-based crypt(3) hashes a
little faster when there're only a handful of different salts and thus
a non-negligible amount of processor time is spent on key setup.

* The reporting of c/s rates has been enhanced to allow for effective
c/s rates in excess of 2**32.  High c/s rates are now reported in
thousands or millions.

* A few long-standing bugs have been fixed.

* Some documentation files from John 1.6 have been updated and
included with this development version.  More are yet to come.

For those curious of the AltiVec performance, a PowerPC G5 1.8 GHz
currently achieves the following:

Benchmarking: Traditional DES [128/128 BS AltiVec]... DONE
Many salts:     1103K c/s real, 1105K c/s virtual
Only one salt:  910566 c/s real, 910566 c/s virtual

The latest Pentium 4's aren't quite there yet (with MMX code).
Although SSE support for JtR is coming, preliminary testing shows that
it won't achieve this much speedup.

Besides the new version of John, there're also quite some new and
updated contributed patches for John 1.6.37 (many or all of them
should also apply to 1.6.38, although I haven't tested this) and
for 1.6.  These include:

* Windows 2000/XP/2003 credentials cache hash support for 1.6.37, by
bartavelle.  This cracks domain logon passwords dumped with Arnaud
Pilon's CacheDump.

* Kerberos v5 TGT support for 1.6.37, by Nasko Oskov.

* Netscape LDAP SHA and SSHA (salted) password hashes support for 1.6
and 1.6.37, updates by K Evangelinos and Sun-Zero.

* MySQL passwords support for 1.6.37, patch updated by Noah Williamsson.

* Eggdrop IRC bot userfiles support for 1.6.37, by Sun-Zero.

* Apache MD5-based "apr1" support for 1.6.37, by Sun-Zero.

* Raw MD5 (hex-encoded) support for 1.6.37, by bartavelle.

All of these patches are linked from John the Ripper homepage at the
URL given above.

Finally, I've setup a mailing list where the users of John the Ripper
can share experience and ask questions.  To subscribe, send an empty
message to <john-users-subscribe at lists.openwall.com> or enter your
e-mail address into the input box on John the Ripper homepage.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.