Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers

Software you can find here (what's new?):

Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download.

The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file.

We publish articles, make presentations, and offer professional services.

We also maintain a wordlists collection for use with password crackers such as John the Ripper and with password recovery utilities, and a collection of pointers to password recovery resources on the Net.

Finally, we host community resources such as mailing lists and wiki for users of Openwall software and for other Open Source and computer security folks.

If you would like to be notified of updates to this website and the packages hosted here, please subscribe to the announcement mailing list by entering your e-mail address below or by sending an empty message to <announce-subscribe at>. You will be required to confirm your subscription by "replying" to the automated confirmation request that will be sent to you. You will be able to unsubscribe at any time and we will not use your e-mail address for any other purpose or share it with a third party. The list traffic is very low (typically 1 to 5 messages a month). You may review past announcements here.

Your e-mail address:

You may also follow us on Twitter.

August 2, 2015
New Openwall GNU/*/Linux ISO images and OpenVZ container templates are out, incorporating packages with security fixes accumulated since the previous set of ISOs was generated in January. Most notably, these include fixes for Linux kernel I/O vector array overrun (CVE-2015-1805) and OpenVZ container escape (CVE-2015-2925), glibc GHOST (CVE-2015-0235), OpenSSL FREAK (CVE-2015-0204), and BIND TKEY query DoS (CVE-2015-5477).

July 12, 2015
We've just posted online Aleksey Cherepanov's john-devkit: specialized compiler for hash cracking presentation slides from PHDays 2015.

April 28, 2015
Announcing the accepted Google Summer of Code students and progress at their projects so far.

March 10, 2015
Openwall will act as a Google Summer of Code umbrella organization for radare reverse-engineering framework. We welcome applications from students interested in Radare Summer of Code ideas.

March 3, 2015
We're a mentoring organization for Google Summer of Code 2015. Here are our proposed project ideas.

February 26, 2015
John the Ripper 1.8.0 Pro for Linux is out.

January 5, 2015
Owl 3.1-stable is available.

December 18, 2014
John the Ripper 1.8.0-jumbo-1 is out.

November 28, 2014
Solar Designer's ZeroNights 2014 presentation non-slides (actually, a game) entitled "Is infosec a game?" are now available online.

August 31, 2014
Our Passwords^14, Skytalks, and WOOT '14 presentation slides are now available online: Energy-efficient bcrypt cracking by Katja Malvoni, Solar Designer, and Josip Knezovic. This reflects progress made at this research project since we presented it last year.

May 23, 2014
Solar Designer's PHDays 2014 presentation slides are now available online: yescrypt - password hashing scalable beyond bcrypt and scrypt.

December 2, 2013
Our PasswordsCon Bergen presentation slides are now available online: Energy-efficient bcrypt cracking by Katja Malvoni and Solar Designer.

November 4, 2013
We've just turned our php_mt_seed PHP mt_rand() seed cracker from a proof-of-concept into a maintained project with its own homepage. Changes implemented in October include AVX2 and Intel MIC (Xeon Phi) support, as well as support for advanced invocation modes, which allow matching of multiple, non-first, and/or inexact mt_rand() outputs to possible seed values.

October 25, 2013
HPC Village is our new project, initially setup as a creative way to indirectly sponsor the upcoming ZeroNights 2013 convention in Moscow, Russia. This is an opportunity for HPC (High Performance Computing) hobbyists alike to program for a heterogeneous HPC platform. Participants are provided with remote access to a server with multi-core CPUs and HPC accelerator cards of different kinds - Intel MIC (Xeon Phi), AMD GPU, NVIDIA GPU. Please refer to the HPC Village project web page for a lot more detail, including for information on how to apply for an account.

October 21, 2013
Minor updates to scanlogd, popa3d, and msulogin have been released.

August 15, 2013
We've just posted online our USENIX WOOT '13 slides and paper entitled "Looking inside the (Drop) box" (Security Analysis of Dropbox), by Dhiru Kholia and Przemyslaw Wegrzyn.

May 30, 2013
John the Ripper 1.8.0 is out, including new functionality sponsored under Rapid7's Magnificent7 program.

April 24, 2013
A new version of our password/passphrase strength checking and enforcement tool set, passwdqc 1.3.0, is out.

April 11, 2013
We're a mentoring organization for Google Summer of Code 2013. Here are our proposed ideas for students' summer projects.

New snapshots of Owl-current and Owl 3.0-stable are available, including ISO images, OpenVZ container templates, binary packages for i686 and x86_64, and full sources.

News archive (since 2001)

Quick Comment:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ