Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200810214529.GA2720@openwall.com>
Date: Mon, 10 Aug 2020 23:45:29 +0200
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Cc: john-users@...ts.openwall.com
Subject: John the Ripper in the cloud

Hi,

We've just launched Openwall Password Recovery and Password Security
Auditing Bundle in AWS Marketplace:

https://www.openwall.com/john/cloud/

We provide a pre-generated Amazon Machine Image (AMI), which lets you
start password recovery or a password security audit in minutes (if
you've used Amazon Web Services before, or you need to sign up first).

The Bundle features Amazon Linux 2 along with John the Ripper jumbo
pre-built and pre-configured with multi-GPU (via OpenCL) and multi-CPU
support (with AVX-512, AVX2, and AVX acceleration, and transparent
fallback when run on older CPUs lacking the latest AVX extensions).  The
Bundle has been tested on both GPU-enabled and CPU-only AWS instances.

Also included are the "all.lst" wordlist from the Openwall wordlists
collection, and sample Unix and Windows password hashes for testing and
learning how to use the software.

We provide a 5-day free trial, and you might actually complete your
password recovery or audit within that timeframe.  We also don't charge
for usage of the Bundle on the tiny 1 vCPU instances that are eligible
for AWS free tier, which provides free usage of some AWS services within
the first 12 months for new AWS users.  (AWS service fees apply for
usage of their hardware outside of the free tier.)  Paid usage of the
Bundle after the 5-day free trial on larger AWS instances supports our
Open Source project (and this might be one of your reasons to use the
Bundle as opposed to building from source on your own).

And yes, this build of John the Ripper jumbo works reasonably well on a
t2.micro instance, using AVX2 on the only vCPU.  Simple usage fits in
the 1 GB RAM.  So if you're new to AWS, you might get a year of free
password cracking in the cloud - not exactly fast by modern standards,
but reasonable for some simpler jobs.  For serious paid usage, we
recommend current generation GPU instances that use Tesla V100 GPUs
(starting with p3.2xlarge), or large CPU instances for hash types that
we don't support on GPU yet.  We also recommend taking advantage of AWS
spot instance pricing (currently 4x lower than on-demand pricing for the
current generation GPU instances).

Part of the motivation in creating this Bundle is to make sure we're
able to get a product like this listed in AWS Marketplace, and to gauge
the interest.  If very successful, this might enable us to invest in
developing support for the FPGAs available in AWS F1 instances as we'd
know we'd likely have this way to monetize the resulting FPGA designs
and to sustain further development and maintenance for the FPGAs in the
cloud as well as for the corresponding FPGA boards that one might buy.
We'll view paid usage of the Bundle as voting for that project to start.

Other ideas in extending the functionality include adding more of our
software (maybe Johnny the GUI with some pre-configured way to access
its remote desktop?), adding closely related third-party software (as
licenses and agreements permit, maybe with payments to support those
other projects as well), and adding cloud specifics (e.g., is anything
needed to support spot instances better?)

Any feedback and ideas are welcome on the john-users mailing list.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.