Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 24 Feb 2006 03:42:13 +0300
From: Solar Designer <>
Subject: interview on John the Ripper 1.7; jumbo patch


I've got two things to announce:

1. SecurityFocus has just published an interview with me about John the
Ripper 1.7.  "Federico Biancuzzi interviews Solar Designer, creator of
the popular John the Ripper password cracker.  Solar Designer discusses
what's new in version 1.7, the advantages of popular cryptographic
hashes, the relative speed at which many passwords can now be cracked,
and how one can choose strong passphrases (forget passwords) that are
harder to break."

The interview can be found here:

2. The contributed resources list on John the Ripper homepage has been
updated to include a jumbo patch for version 1.7 and a package of 1.7
with the jumbo patch applied pre-compiled for Win32.  The jumbo patch
enables processing of many password hash types and ciphers that are not
supported by the official JtR.  You can get this right here:

Here's the "john --test" output for 1.7 with the jumbo patch on a P4
2.8 GHz running Owl 2.0:

Benchmarking: Traditional DES [64/64 BS MMX]... DONE
Many salts:	698662 c/s real, 698662 c/s virtual
Only one salt:	642969 c/s real, 642969 c/s virtual

Benchmarking: NT LM DES [64/64 BS MMX]... DONE
Raw:	6005K c/s real, 6005K c/s virtual

Benchmarking: NT MD4 [TridgeMD4]... DONE
Raw:	1524K c/s real, 1524K c/s virtual

Benchmarking: M$ Cache Hash [mscash]... DONE
Raw:	944176 c/s real, 944176 c/s virtual

Benchmarking: BSDI DES (x725) [64/64 BS MMX]... DONE
Many salts:	24243 c/s real, 24243 c/s virtual
Only one salt:	23833 c/s real, 23833 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw:	5191 c/s real, 5191 c/s virtual

Benchmarking: Apache MD5 [32/32]... DONE
Raw:	5031 c/s real, 5031 c/s virtual

Benchmarking: Post.Office MD5 [STD]... DONE
Raw:	1559K c/s real, 1559K c/s virtual

Benchmarking: Raw MD5 [raw-md5]... DONE
Raw:	2394K c/s real, 2394K c/s virtual

Benchmarking: IPB2 MD5 [Invision Power Board 2.x salted MD5]... DONE
Raw:	1349K c/s real, 1349K c/s virtual

Benchmarking: Raw SHA1 [raw-sha1]... DONE
Raw:	1078K c/s real, 1078K c/s virtual

Benchmarking: Kerberos v5 TGT [krb5 3DES (des3-cbc-sha1)]... DONE
Raw:	21716 c/s real, 21716 c/s virtual

Benchmarking: Netscape LDAP SHA [sha1]... DONE
Raw:	1043K c/s real, 1043K c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw:	408 c/s real, 408 c/s virtual

Benchmarking: Eggdrop [blowfish]... DONE
Raw:	9457 c/s real, 9457 c/s virtual

Benchmarking: Kerberos AFS DES [48/64 4K MMX]... DONE
Short:	190720 c/s real, 190720 c/s virtual
Long:	453836 c/s real, 453836 c/s virtual

Benchmarking: MYSQL [mysql]... DONE
Raw:	726624 c/s real, 726624 c/s virtual

Benchmarking: Lotus5 [Lotus v5 Proprietary]... DONE
Raw:	288498 c/s real, 288498 c/s virtual

Benchmarking: More Secure Internet Password [RSA MD defined by BSAFE 1.x]... DONE
Raw:	181666 c/s real, 182030 c/s virtual

Yes, some cipher names are weird and the performance is not optimal -
but this should give you an idea of what the unofficial patches can do
for you.

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ