[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090921061014.GA15079@openwall.com>
Date: Mon, 21 Sep 2009 10:10:14 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Subject: [openwall-announce] JtR 1.7.3.4 and new JtR patches; crypt_blowfish, phpass updates
Hi,
This is to announce several somewhat-related news items at once. Some
of these appeared on the Openwall website earlier:
http://www.openwall.com/news
1. I've released John the Ripper 1.7.3.4, along with an update of the
jumbo patch to this new version. Besides adding proper links to these
new releases, I've also revised the JtR homepage to make it more focused
on the currently relevant stuff:
http://www.openwall.com/john/
http://www.openwall.com/lists/john-users/2009/09/08/1
The changes made since 1.7.3.1 are intended primarily for use by
packagers of JtR, such as for *BSD "ports" and Linux distributions:
http://www.openwall.com/john/doc/CHANGES.shtml
Since version 1.7.3.1 has existed for a year and proved to be reliable,
and since the changes between 1.7.3.1 and 1.7.3.4 are so minor, 1.7.3.4
is being declared the new "stable" release.
2. We have sort of a stable version of the jumbo patch now. The
previous update, to version 1.7.3.1-all-6, was bugfix-only, and the new
update to 1.7.3.4-jumbo-1 was just that, a mere update.
http://www.openwall.com/lists/john-users/2009/08/31/1
I recommend everyone packaging JtR to update to 1.7.3.4 (and include
running "make check" with its exit code check on your package build)
and, if you have been including the jumbo patch, update that to the
newly released version as well.
3. Erik Winkler has contributed Win32 and Mac OS X builds of John the
Ripper 1.7.3.1 with revision 6 of the jumbo patch. These are now found
on the contributed resources list on the John the Ripper homepage:
http://www.openwall.com/john/#contrib
http://www.openwall.com/lists/john-users/2009/09/01/10
4. Many unofficial John the Ripper patches have been developed lately,
including JimF's generic MD5-based hash support stuff found on the wiki,
and my generic crypt(3) support patch intended primarily as an interim
solution for cracking the new glibc/Fedora/Ubuntu "SHA-crypt" hashes.
JimF's contributions:
http://www.openwall.com/lists/john-users/2009/09/06/2
http://openwall.info/wiki/john/patches
My generic crypt(3) support patch:
http://www.openwall.com/lists/john-users/2009/09/02/3
also available as john-1.7.3.1-generic-crypt-1.diff.gz in the FTP
contrib directory:
ftp://ftp.openwall.com/pub/projects/john/contrib/
Sorry, I haven't gotten around to integrating any of these into the
jumbo patch yet (and it is not certain that all are suitable for that).
5. I've released minor updates of our password hashing frameworks,
crypt_blowfish 1.0.3 (C/C++) and phpass 0.2 (PHP). Additionally,
Dmitry V. Levin has developed a patch integrating crypt_blowfish into
glibc 2.10.1, now linked from the crypt_blowfish homepage. (Previously,
only patches for older versions of glibc were available.)
http://www.openwall.com/crypt/
http://www.openwall.com/phpass/
That's all for now as it relates to our password security stuff. :-)
Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
