Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20100105020606.GB10239@openwall.com>
Date: Tue, 5 Jan 2010 05:06:06 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: tutorials on the wiki

Matt, all -

This is a late reply, yet I think it is currently relevant.  We're
speaking about Matt's tutorial at:

http://sites.google.com/site/reusablesec/Home/john-the-ripper-files/tutorials

which is linked from:

http://openwall.info/wiki/john/tutorials

On Fri, Nov 20, 2009 at 07:12:40PM -0500, Charles Weir wrote:
> I just updated my copy of the installation guide for John the Ripper version
> 1.7.3.4 on a Mac OSX Snow Leopard. The main imporvements are:
> 
> 1) Added information on how to download a pre-built exectutable from the ftp
> site, (I didn't even know there were pre-built exectutables before Solar let
> me know)

Thanks.  I think that your FTP download instructions are overly
complicated, though.  I imagine that most Mac OS X users will access the
FTP server with their web browser, not with a command-line FTP client.
(The command-line works better when there's a more convenient and more
powerful FTP client installed, such as lftp.)  Although it is OK to
explicitly login as "anonymous" as you wrote, it is also OK to login as
"ftp" with any password, and the web browser (or lftp) would not even
ask for a username/password.  There's no "strict idle timeout" on the
FTP server (there is a default timeout, which I would not call strict),
and there's no "banning" (except that if you keep lots of sessions open
at once, you'll hit the per-source-address limit).  The "timeouts" and
"banning" you saw are most likely related to your network's NAT setup
(they're limitations of the gateway(s) that do NAT for you - e.g., a
WiFi AP/router or/and your ISP's router could do that).  Using a web
browser to access the server would likely hide/avoid them.

That said, since you managed to fall into this almost non-existent trap
(you could have just used a web browser), and since some networks
actually have issues accessing FTP servers in general, I think I am
going to make the Openwall FTP archive available via HTTP as well.  This
is not in place yet, but I added it to my ever-growing to-do list...
(There are already mirrors of the Openwall FTP archive that make it
available via HTTP and rsync as well, but I think I should make an
"official" setup.)

> 2) Added information on how to download and install Apple's Xcode
> 3) Provided a more 'nuanced' discussion on which machine target you should
> choose when building the executable.
> 4) General typo removal, and some parts were reworded to make them more
> readable

Great.  Thank you!

Now that we have john-1.7.4-jumbo-5, you could update the tutorial to
use that.  1.7.4 is a development version, but when the jumbo patch is
applied any version of JtR becomes sort of "development".  So I think
the stable vs. development distinction mostly matters for those who are
not using the jumbo patch.  The currently known bugs of 1.7.4 itself are
fixed in -jumbo-5.  JimF's patch has been merged into 1.7.4-jumbo-2 and
newer, and the "-m32 issue" has been addressed in 1.7.4 itself, so
you'll be able to simplify the instructions accordingly.

Thanks again,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.