|
Message-ID: <20200810214529.GA2720@openwall.com> Date: Mon, 10 Aug 2020 23:45:29 +0200 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com Cc: john-users@...ts.openwall.com Subject: John the Ripper in the cloud Hi, We've just launched Openwall Password Recovery and Password Security Auditing Bundle in AWS Marketplace: https://www.openwall.com/john/cloud/ We provide a pre-generated Amazon Machine Image (AMI), which lets you start password recovery or a password security audit in minutes (if you've used Amazon Web Services before, or you need to sign up first). The Bundle features Amazon Linux 2 along with John the Ripper jumbo pre-built and pre-configured with multi-GPU (via OpenCL) and multi-CPU support (with AVX-512, AVX2, and AVX acceleration, and transparent fallback when run on older CPUs lacking the latest AVX extensions). The Bundle has been tested on both GPU-enabled and CPU-only AWS instances. Also included are the "all.lst" wordlist from the Openwall wordlists collection, and sample Unix and Windows password hashes for testing and learning how to use the software. We provide a 5-day free trial, and you might actually complete your password recovery or audit within that timeframe. We also don't charge for usage of the Bundle on the tiny 1 vCPU instances that are eligible for AWS free tier, which provides free usage of some AWS services within the first 12 months for new AWS users. (AWS service fees apply for usage of their hardware outside of the free tier.) Paid usage of the Bundle after the 5-day free trial on larger AWS instances supports our Open Source project (and this might be one of your reasons to use the Bundle as opposed to building from source on your own). And yes, this build of John the Ripper jumbo works reasonably well on a t2.micro instance, using AVX2 on the only vCPU. Simple usage fits in the 1 GB RAM. So if you're new to AWS, you might get a year of free password cracking in the cloud - not exactly fast by modern standards, but reasonable for some simpler jobs. For serious paid usage, we recommend current generation GPU instances that use Tesla V100 GPUs (starting with p3.2xlarge), or large CPU instances for hash types that we don't support on GPU yet. We also recommend taking advantage of AWS spot instance pricing (currently 4x lower than on-demand pricing for the current generation GPU instances). Part of the motivation in creating this Bundle is to make sure we're able to get a product like this listed in AWS Marketplace, and to gauge the interest. If very successful, this might enable us to invest in developing support for the FPGAs available in AWS F1 instances as we'd know we'd likely have this way to monetize the resulting FPGA designs and to sustain further development and maintenance for the FPGAs in the cloud as well as for the corresponding FPGA boards that one might buy. We'll view paid usage of the Bundle as voting for that project to start. Other ideas in extending the functionality include adding more of our software (maybe Johnny the GUI with some pre-configured way to access its remote desktop?), adding closely related third-party software (as licenses and agreements permit, maybe with payments to support those other projects as well), and adding cloud specifics (e.g., is anything needed to support spot instances better?) Any feedback and ideas are welcome on the john-users mailing list. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.