Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers

Software you can find here (what's new?):

Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download.

The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file.

We publish articles, make presentations, and offer professional services.

We also maintain a wordlists collection for use with password crackers such as John the Ripper and with password recovery utilities, and a collection of pointers to password recovery resources on the Net.

Finally, we host community resources such as mailing lists and wiki for users of Openwall software and for other Open Source and computer security folks.

If you would like to be notified of updates to this website and the packages hosted here, please subscribe to the announcement mailing list by entering your e-mail address below or by sending an empty message to <announce-subscribe at>. You will be required to confirm your subscription by "replying" to the automated confirmation request that will be sent to you. You will be able to unsubscribe at any time and we will not use your e-mail address for any other purpose or share it with a third party. The list traffic is very low (typically 1 to 5 messages a month). You may review past announcements here.

Your e-mail address:

You may also follow us on Twitter.

December 2, 2013
Our PasswordsCon Bergen presentation slides are now available online: Energy-efficient bcrypt cracking by Katja Malvoni and Solar Designer.

November 4, 2013
We've just turned our php_mt_seed PHP mt_rand() seed cracker from a proof-of-concept into a maintained project with its own homepage. Changes implemented in October include AVX2 and Intel MIC (Xeon Phi) support, as well as support for advanced invocation modes, which allow matching of multiple, non-first, and/or inexact mt_rand() outputs to possible seed values.

October 25, 2013
HPC Village is our new project, initially setup as a creative way to indirectly sponsor the upcoming ZeroNights 2013 convention in Moscow, Russia. This is an opportunity for HPC (High Performance Computing) hobbyists alike to program for a heterogeneous HPC platform. Participants are provided with remote access to a server with multi-core CPUs and HPC accelerator cards of different kinds - Intel MIC (Xeon Phi), AMD GPU, NVIDIA GPU. Please refer to the HPC Village project web page for a lot more detail, including for information on how to apply for an account.

October 21, 2013
Minor updates to scanlogd, popa3d, and msulogin have been released.

August 15, 2013
We've just posted online our USENIX WOOT '13 slides and paper entitled "Looking inside the (Drop) box" (Security Analysis of Dropbox), by Dhiru Kholia and Przemyslaw Wegrzyn.

May 30, 2013
John the Ripper 1.8.0 is out, including new functionality sponsored under Rapid7's Magnificent7 program.

April 24, 2013
A new version of our password/passphrase strength checking and enforcement tool set, passwdqc 1.3.0, is out.

April 11, 2013
We're a mentoring organization for Google Summer of Code 2013. Here are our proposed ideas for students' summer projects.

New snapshots of Owl-current and Owl 3.0-stable are available, including ISO images, OpenVZ container templates, binary packages for i686 and x86_64, and full sources.

December 6, 2012
Our Passwords^12 presentation slides are now available online. These are Simon Marechal's (aka Bartavelle) Distributable probabilistic candidate password generators and Automatic wordlists mangling rules generation, as well as a new revision of Password security: past, present, future, now co-authored by Solar Designer and Simon Marechal.

November 23, 2012
New developments in password hashing: ROM-port-hard functions slides from Solar Designer's ZeroNights 2012 talk are now online.

October 17, 2012
John the Ripper has been selected for Rapid7's Magnificent7 program, which will enable us to implement parallel and distributed processing enhancements sooner rather than later.

Simon Marechal (aka Bartavelle), a longtime contributor to John the Ripper, will speak at Passwords^12 (December 3-5, Oslo, Norway).

October 5, 2012
Solar Designer's Password hashing at scale (for Internet companies with millions of users) slides from YaC 2012 are now online.

September 20, 2012
JtR 1.7.9-jumbo-7 is a bugfix-mostly release. Besides the many bugfixes (mostly for issues introduced with -jumbo-6), this release adds support for cracking KeePass 2.x and RAdmin 2.x passwords, more varieties of PKZIP archives, GPU support under recent Mac OS X, speedup at many of the previously supported formats, and many minor features and documentation updates.

At the same time, we've also released php_mt_seed, a PHP mt_rand() seed cracker capable of testing all 232 seeds in 1 minute on an inexpensive CPU.

Finally, some of you might like to attend Solar Designer's talk at YaC 2012 (October 1, Moscow, Russia). The topic is future password hashing setups for Internet companies with millions of users and passwords. In a sense, this will be a continuation of the PHDays talk, with focus on specific challenges faced at and solutions affordable to this sort of companies.

August 18, 2012
A new snapshot of Owl-current is available, including ISO images, OpenVZ container templates, binary packages for i686 and x86_64, and full sources. Changes since the previous set of ISOs and templates (May 8, 2012) include a further minor update of the Linux/OpenVZ kernel to latest "testing" version in OpenVZ's RHEL5-based branch (with our usual changes on top of that), new versions of binutils, tcsh, xinetd, and OpenSSL (the latter two with minor security fixes), and minor changes to many Owl packages. The system has been rebuilt with the new binutils, which required some tweaks in various packages (now included, so further rebuilds work seamlessly). This mostly conservative update of Owl-current is a precursor to a similar update to 3.0-stable (except for the binutils upgrade and some other things), and to more aggressive changes in Owl-current.

June 29, 2012
John the Ripper 1.7.9-jumbo-6 is the very first release to have GPU support (CUDA and OpenCL) integrated. It is also the biggest -jumbo update so far, with over 40,000 lines of code added since -jumbo-5. Besides GPU support, this release adds support for Mac OS X keychains, KeePass 1.x, Password Safe, ODF and Office 2007/2010 files, Firefox/Thunderbird master passwords, RAR -p mode, WPA-PSK, VNC and SIP challenge/responses, HMAC-SHA-*, IBM RACF, built-in SHA-crypt, DragonFly BSD SHA-2, Django, Drupal 7, WoltLab BB3, new EPiServer, GOST R 34.11-94, LinkedIn raw SHA-1 flavor - with OpenMP, CUDA, and/or OpenCL for many of these. Additionally, optimizations were made and OpenMP/CUDA/OpenCL added for many of the previously-supported hashes and ciphers. AMD XOP support was added for MD4, MD5, and SHA-1, for at least a 20% speedup on Bulldozer at hashes building on these primitives and making use of the SIMD interface. Many main program features and tiny new programs were added.

June 1, 2012
PHDays 2012 was great! The slides from our "Password security: past, present, future" presentation are now online.

May 20, 2012
Solar Designer of Openwall will speak at Positive Hack Days on the future of password hashing (May 30-31, Moscow, Russia).

May 8, 2012
A new snapshot of Owl-current is available, including ISO images, OpenVZ container templates, binary packages for i686 and x86_64, and full sources. Significant changes since the previous set of ISOs and templates (October 26, 2011) include update of the Linux/OpenVZ kernel to one based on RHEL 5.8's, GCC update to 4.6.3, "gcc -Wl,-z,relro -Wl,-z,now" by default as a security hardening measure, John the Ripper 1.7.9+ with enabled OpenMP parallelization, move to ISOLINUX for the bootloader for the ISOs, building of glibc's UTF-8 locales by default (despite of the size increase), new versions of OpenSSL, lftp, strace, hdparm.

March 17, 2012
As many of you are aware, Openwall participated in Google Summer of Code (GSoC) last year. We worked with 5 students under the GSoC program, we got useful stuff done (with some of it being in mainline Linux kernels and in released versions of John the Ripper now), and we met new people some of whom are now involved with our projects. So we're doing it again: Openwall is a mentoring organization for Google Summer of Code 2012. Interested students are welcome to check out our ideas page and contact us.

Openwall wordlists collection now comes with a bonus - two lists of passwords commonly generated by pwgen 2.06 with default settings for output to a tty and non-tty. These contain 44 and 45.5 million entries and they crack 21% and 75% of passwords of the corresponding kind - for tty and non-tty, respectively. pwgen is a fairly popular command-line password generator program for Unix systems. It is part e.g. of Debian and Ubuntu.

December 18, 2011
John the Ripper 1.7.9-jumbo-5 is out, including a build for Windows. This revision adds support of RADIUS shared secrets and SHA-0, it has faster MSSQL (old and 2005), MySQL (SHA-1 based), and Lotus5 hashing (the latter with optional OpenMP parallelization), and it includes many other enhancements as well.

December 11, 2011
John the Ripper 1.7.9 official build for Windows is available.

November 23, 2011
John the Ripper 1.7.9 has OpenMP parallelization of bitslice DES and of MD5-crypt integrated. It includes many other enhancements as well.

November 9, 2011
John the Ripper 1.7.8-jumbo-8 is out. This revision adds optional OpenMP parallelization for MD5-based crypt(3) and Apache $apr1$ hashes when building with SSE2 intrinsics, as well as for SAP CODVN B (BCODE) and SAP CODVN G (PASSCODE). Many other enhancements have been made as well. Also added is a benchmark comparison tool.

October 31, 2011
New Openwall t-shirt designs are now available: gentleman John the Ripper (alternate version), common passwords crossword, I love john.pot.

October 26, 2011
An update of Owl 3.0-stable is available, including ISOs, OpenVZ container templates, binary packages for i686 and x86-64, and indeed the sources. It includes kernel update to OpenVZ's latest stable RHEL 5.7-based (with our usual changes), security fixes to RPM (originally made and tested in Owl-current) and to pam_env (which was not in use on default installs of Owl), timezone data update (critical for Russia and some other countries), and introduction of the hardlink(1) program.

At the same time, Owl-current has moved to GCC 4.6.1. This is a major development milestone towards Owl 4.0.

October 10, 2011
A new snapshot of Owl-current is available, including a complete set of components: ISO images, OpenVZ container templates, binary packages for i686 and x86_64, and indeed the source code. Significant changes since the previous set of ISOs and templates (those of Owl 3.0-stable this time, generated a month ago) include update of the Linux/OpenVZ kernel to one based on RHEL 5.7's, introduction of tzdata package with up-to-date timezone data, and a security fix to Owl's package of RPM (the package manager).

October 5, 2011
Openwall t-shirts are now available from 0-day Clothing.

September 21, 2011
John the Ripper 1.7.8-jumbo-7 is out. In this version, support for cracking of encrypted PKZIP archives, Mac OS X 10.7 salted SHA-512 password hashes, and DES-based tripcodes has been added, and lots of other enhancements have been made (way too many to list right here).

September 9, 2011
Openwall GNU/*/Linux 3.0-stable has been updated to include almost all changes made and tested in Owl-current in recent months, including new package additions, and excluding only changes that would break binary compatibility with the 3.0 release (specifically, Owl-current's OpenSSL update and related changes are excluded from 3.0-stable). New ISO images and OpenVZ container templates of Owl 3.0-stable are available for i686 and x86_64.

August 18, 2011
Some of the most active members of the john-users mailing list hosted by Openwall participated in KoreLogic's "Crack Me If You Can" password cracking contest at DEFCON earlier this month, as team john-users. Openwall provided the team with a contest server, which was used to coordinate activities of the team's members, to exchange files, and to automatically submit cracked passwords to the contest organizers. The team consisted of 16 active members who ran John the Ripper and a few other tools on a total of over a hundred of CPU cores (estimated at 150 average, 300 peak) over the 48-hour period. We ended up taking 3rd place overall (out of 22), and we're first for 5 out of 20 hash types. Additionally, we temporarily held 1st place during the contest at two times. The contest was fun and challenging, it helped us test some experimental John the Ripper code and identify areas for further improvement. Today, we're making available our writeup on our experience in the contest.

August 3, 2011
John the Ripper 1.7.8-jumbo-5 is out, adding support for more character encodings via the new "--encoding" option (utf-8, iso-8859-1, koi8-r, cp1251) and support for raw SHA-224, SHA-256, SHA-384, and SHA-512 hashes.

July 27, 2011
A new snapshot of Owl-current is available, including ISO images, OpenVZ container templates, binary packages for i686 and x86_64, and indeed the source code. Significant changes since the previous set of ISOs and templates (generated on March 12) include updates of the RHEL5/OpenVZ Linux kernel, strace, Nmap, John the Ripper, iputils, iproute2, and LILO to new upstream versions, security fixes and security-relevant enhancements to Owl's packages of the kernel, iptables, RPM, glibc (crypt_blowfish upgrade to 1.2), and addition of limited support for LSISAS8208ELP disk controllers.

July 24, 2011
John the Ripper 1.7.8-jumbo-4 adds compile-time plugins, much faster MSCash2 (now uses SSE2, optionally along with OpenMP), enhanced "generic MD5" (makes available more of the MD5 and SHA-1 based hash types under more of the build targets).

John the Ripper 1.7.8 has been built for Android.

July 17, 2011
crypt_blowfish 1.2 and tcb 1.1 have been released. crypt_blowfish 1.2 adds a countermeasure to avoid one-correct to many-buggy hash collisions with the "$2a$" prefix, and both crypt_blowfish and tcb move to the new prefix of "$2y$" to denote correctly computed hashes that don't need the countermeasure.

July 3, 2011
John the Ripper 1.7.8-jumbo-2 adds support for cracking of password-protected WinZip archives with AES encryption, due to Dhiru Kholia's work under Google Summer of Code 2011.

A while ago, Piotr 'aniou' Meyer has contributed instructions on how to use the NetBSD Packages Collection on Openwall GNU/*/Linux (Owl).

June 22, 2011
John the Ripper 1.7.8 has been released, with DES S-box gate count reduced by 17% compared to the S-box expressions that we had been using in prior versions. This is made possible due to research by Roman Rusakov, sponsored by Rapid7.

June 21, 2011
crypt_blowfish version 1.1 fixes the 8-bit character handling vulnerability (CVE-2011-2483) and adds more self-tests. Any copies of older crypt_blowfish code must be upgraded.

June 8, 2011
John the Ripper 1.7.7-jumbo-6 integrates preliminary support for several non-hashes, implemented under Dhiru Kholia's GSoC 2011 project. Specifically, it supports cracking of OpenSSH's passphrase-protected SSH protocol 2 private keys (with OpenMP parallelization), password-protected PDF files with 40-bit and 128-bit RC4 encryption, and some password-protected RAR archives. At the same time, it integrates support for password hashes of Sybase ASE (also by Dhiru), hmailserver (by James Nobis), and MediaWiki "B" type (by JimF). As usual, we've added many minor enhancements as well.

June 6, 2011
We've just released version 1.0 of blists, our web interface to mailing list archives that works off indexed mbox files. Please feel free to use it for your own mailing lists.

We've setup a new mailing list, kernel-hardening. The intent is to use it to discuss proposed security hardening changes to the Linux kernel before possibly bringing them to LKML, as well as to CC it on relevant LKML threads. It is also OK to discuss hardening changes that are not meant for upstream.

June 3, 2011
John the Ripper 1.7.7-jumbo-5 is out. This is possibly the largest single jumbo patch update made so far. In this revision, MD5 and SHA-1 based hashes have been sped up with SSE2/AVX intrinsics, md5_gen has been expanded with more MD5-based hash types, UTF-8 support has been added (the "--utf8" option), MPI parallelization support for all cracking modes has been integrated, and OpenMP parallelization support has been added to a few more hash types. At the same time, three new formats have been added: mskrb5 (offline attack on MS Kerberos 5 pre-authentication data), rawMD5unicode (MD5 of UCS-2 encoded plaintext), and salted_sha1 (faster handling of some LDAP {SSHA} hashes). The "unique" program, Markov mode, ETA display, and programming interfaces have been enhanced.

Our web interface to archives of Openwall's, Openwall-hosted, and other relevant mailing lists has been enhanced to include month and day index pages with message subjects and authors (finally).

We have started to accept bitcoin donations to support our project.

April 28, 2011
John the Ripper 1.7.7 is out, along with 1.7.7-jumbo-1 and updated DES/OpenMP patches, adding Intel AVX and AMD XOP support, cracking of plaintext passwords (for faster testing and tuning), several kinds of warning messages (intended primarily for inexperienced users), official support for Apache "$apr1$" MD5-based password hashes (previously only supported in jumbo), and more. This release has been sponsored by Rapid7 - a leading provider of unified vulnerability management and penetration testing solutions.

April 26, 2011
We've accepted 5 great students under the Google Summer of Code program. However, many more had applied, and we'd love to work with some of those who we couldn't accept specifically under the GSoC program. Thus, our own Summer of Security program is born.

We've setup several new mailing lists: crypt-dev (design and implementation of a new password hashing method for servers), musl (discussions around musl, a new standard C library for Linux), and sabotage (discussions around Sabotage Linux, an experimental distribution based on musl and BusyBox).

March 19, 2011
Openwall is a mentoring organization for Google Summer of Code 2011 (GSoC). Here's our GSoC organization profile and our ideas list (includes ideas on Owl, JtR, and more). We'd like to hear from students interested in working on any of the ideas (or on their "own creative and relevant idea"), as well as from prospective mentors. We're already aware of some. :-)

Nmap project summarizes GSoC as follows: "This innovative and extraordinarily generous program provides $5,000 stipends to 1,000+ college and graduate students to create and enhance open source software during their summer break. Students gain valuable experience, get paid, strengthen their resume, and write code which will be distributed freely and used by millions of people!"

March 13, 2011
The 2011/03/12 Owl-current snapshot has finally deviated from Owl 3.0 and RHEL4 binary compatibility (moving towards RHEL6 binary compatibility) by updating OpenSSL to 1.0.0d. Besides OpenSSL, we've updated vsftpd to 2.3.4 (remote DoS vulnerability fix, CVE-2011-0762), patchutils to 0.3.2, and the Linux kernel to OpenVZ's latest "RHEL5 testing" one (-238.5.1.el5.028stab085.2) with our usual changes.

At the same time, we've made the first pre-compiled snapshot of Owl 3.0-stable available. Compared to the 3.0 release, Owl 3.0-stable 2011/03/12 corrects a VIM packaging error, a vulnerability in the patch(1) program (CVE-2010-4651), two vulnerabilities in OpenSSL (CVE-2010-4180, CVE-2009-0590), which were at worst of moderate severity, and it updates vsftpd to 2.3.4 (CVE-2011-0762 fix) and patchutils to 0.3.2.

Earlier this month, we've setup public mailing lists for discussions around development of Openwall GNU/*/Linux (owl-dev) and John the Ripper (john-dev). Previously, only user community public mailing lists existed for these projects (owl-users and john-users, respectively).

March 2, 2011
The OpenVZ virtualization blog has posted an interview with Solar Designer on Owl, OpenVZ, and more.

February 17, 2011
John the Ripper 1.7.6-jumbo-12 is out. This revision corrects the "generic MD5" self-test bug (introduced in -jumbo-10). It also enhances the MSCash and MSCash2 OpenMP parallelization to adjust the number of key slots according to the number of threads.

February 12, 2011
We've released another Owl-current snapshot. This one uses a fresh OpenVZ "RHEL5 testing" kernel (with our usual changes), and it has a patch(1) vulnerability fixed (CVE-2010-4651). Besides the fixes, we've added the usb_modeswitch package - a mode switching tool for controlling "flip flop" (multiple device) USB gear - along with usb_modeswitch-data and libusb-compat.

There's a new lightweight libc (standard C library) for Linux-based devices. It's called musl. This is a project of Eta Labs rather than Openwall, yet we're pleased that musl supports our /etc/tcb/*/shadow files natively.

February 6, 2011
We've made available the first Owl-current snapshot after our 3.0 release (new ISO images, OpenVZ container templates, and indeed packages and sources). Since the release, we've moved from RHEL 5.5-based to RHEL 5.6-based Linux/OpenVZ kernels, added support for non-raw (datagram) ICMP sockets and made use of said support in ping(1), added several new packages (ethtool, pv ("Pipe Viewer"), bridge-utils, libusb1, usbutils, vconfig), updated to latest upstream versions of LILO, e2fsprogs, Nmap (adding Nping), and made some other enhancements and corrections. Additionally, we've enhanced our infrastructure such that Owl snapshots (and not just releases) are now always PGP-signed.

John the Ripper jumbo patch revision 1.7.6-jumbo-11 is out. This revision corrects an x86-64-specific NTLM bug, improves self-tests (which uncovered another bug, not yet fixed), adds support for cracking MSCash2 (Domain Cached Credentials of modern Windows systems) with optional OpenMP parallelization, and adds similar OpenMP parallelization for the original MSCash. We'd like to thank bartavelle and S3nf for their contributions to this update.

Additionally, Simon John has built unofficial RPM packages of JtR for 64-bit Fedora. These are of the brand new 1.7.6-jumbo-11 with OpenMP parallelization enabled, as well as of the older 1.7.6-omp-des-7, which provides OpenMP parallelization for DES-based hashes (this is not part of the jumbo patch).

January 14, 2011
We've setup a new wiki page on Openwall GNU/*/Linux 3.0 coverage by Linux and technology news sites. Especially valuable is the detailed independent review written by Koen Vervloesem for LWN.

News archive (since 2001)

Quick Comment:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ