Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 4 Mar 2003 23:53:13 +0300
From: Solar Designer <>
Subject: popa3d 0.6.1, JtR 1.6.33, FOSDEM, new web pages


This is a combined announcement for several new Openwall releases,
other relevant news items, and web site updates.

New stable versions of the POP3 server, popa3d versions 0.6 and 0.6.1,
have been released.  Changes since the last stable release (0.5.1) are
limited to bug, correctness, and interoperability fixes (this includes
a workaround for an Outlook Express client bug which would show up on
body-less messages).  popa3d 0.6.1 also adds version identification
(popa3d -V), which many have asked for.

Additional popa3d patches have been contributed shortly before these
new releases.  They're currently against popa3d versions 0.5.9 and
0.5.1, but should easily apply to 0.6.1 release as well.  I've
re-organized the list of contributed popa3d resources, dropping
references to obsolete packages and separating the rest into three
categories.  The recently added patches are for Maildir support (by
Hallgrimur H. Gunnarsson and Cory Visi) and IPv6 support with popa3d's
standalone mode (by Jun-ichiro itojun Hagino).

The homepage for popa3d is:

There's a new development version of John the Ripper available,
1.6.33.  This adds a Solaris/SPARC64 make target which achieves the
expected 90% speedup at DES.  This requires a recent version of
Solaris, a 64-bit kernel, and a very recent version of gcc, such as
the gcc 3.2.2 package off sunfreeware).  This version also fixes two
issues with the "unique" utility, one was a bug in "unique" itself
affecting big-endian systems (that's essentially all systems except
x86, Alpha, and VAX) and the other is a bug in the Solaris stdio code
for which I've included a workaround.  I'd like to thank Corey Becker
for reporting and helping me reproduce these.  The new version can be
downloaded from the usual location:

Of course, the publicly-available Owl-current snapshot already
includes popa3d 0.6.1 and John 1.6.33.

For those who don't know yet, I made a talk on Openwall GNU/*/Linux
(Owl) at FOSDEM, the third Free and Open source Software Developers'
European Meeting, which occurred on February 8-9, in Brussels,
Belgium.  The updated version of our presentation slides on Owl as
used at FOSDEM is now available on the Openwall web site:

There's also the interview I gave to FOSDEM organizers shortly before
the event:

The questions (and answers) cover topics such as the history of John
the Ripper and indeed Owl.

Finally, I've created a number of additional web pages.  We're now
exporting a few pieces of software originally developed as a part of
Owl for use on or by other distributions.  The PAM modules developed
for Owl are now available at:

Besides pam_passwdqc, the proactive password strength checker which
already had a web page, this includes pam_userpass, pam_mktemp, and
pam_tcb.  pam_userpass solves the flawed assumption non-interactive
services such as FTP and POP3 servers previously had to make in order
to provide a username and password pair to a PAM module stack.
pam_mktemp provides per-user private temporary file directories.  And
pam_tcb supersedes pam_unix (pam_pwdb) and is a part of our tcb suite
implementing the alternative password shadowing scheme, which in turn
is now available for use with other distributions:

The tcb scheme allows many core system utilities (passwd(1) being the
primary example) to operate with little privilege (not SUID root).

Note that pam_tcb may be useful for you even if you don't intend to
switch to the tcb scheme.  It is fully backwards compatible with
Linux-PAM pam_unix, but offers many improvements and cleaner code.

The tcb suite has been designed and implemented primarily by Rafal
Wojtczuk with significant contributions by me and Dmitry V. Levin.

Finally, some of you may have noticed that I've added a number of
pointers to password recovery resources, primarily for popular
Windows-based file formats.  It is due to the popularity of John the
Ripper that I was getting a significant number of web site visitors
looking for just this kind of thing rather than our Unix security
software.  As a number of such password recovery products are
shareware or purely commercial and good affiliate commissions are
paid, this actually helps the project financially.  And you could
help, too, by simply placing a link off your web site.  This may be a
regular or an affiliate link.  The latter will send any sales
commissions to you, helping the project in an indirect way only
(which is still greatly appreciated!)  The URLs to check are:

Password recovery resources within the main Openwall site:

Password recovery resources on their own:

(you decide which better fits your site).

Information on the affiliate program (which lets you
keep the sales commissions to yourself if you're into it for profit):

Of course, other web links will be appreciated as well.  If you have
an Owl-based web server, you may state so and link to the Owl homepage
("Powered by Openwall GNU/*/Linux"), etc.  If you prefer graphical
buttons for such links, some are available at:

(as well as on other mirrors).  Only a few are available currently,
but more are to be added and any contributions are welcome.  An Owl
artwork web page with proper credits is planned.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ