Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 18 Jul 2008 14:58:38 +0400
From: Solar Designer <>
Subject: [openwall-announce] community wiki; notable ElcomSoft product changes; mod_auth_mysql with support for phpass


This is to announce several assorted items at once.  I intend to post
another announcement shortly, focusing on new JtR releases, so I have
left those out of this one.

1. A while ago, we've setup the Openwall community wiki:

The idea is to have a wiki "namespace" for each of our major projects,
maybe resembling the structure of the main Openwall website - e.g., we
have namespaces for Owl and John the Ripper.  Users of our software and
Openwall team members can populate those namespaces with relevant
content.  If you have something relevant to share, please register for a
wiki account and edit away!

Some content is already in place, including a table of John the Ripper
benchmarks on various hardware:

The fastest system in the table is currently based on a Q6700 CPU
running a 64-bit Linux distribution.  This one achieves an equivalent of
just over 2.5 million of traditional DES-based crypt(3) checks per
second per core, but since this CPU is quad-core, this translates to
over 10 million of checks per second per CPU chip, with proper
parallelization.  The slowest is an iPod, which does around one
thousand of traditional crypt(3)'s per second.  If you have a system
substantially different from those listed, please submit your results.

Other wiki pages within John the Ripper namespace include a page on
simple approaches to parallelization and on existing efforts to
introduce parallel processing and distributed processing into JtR:

(primarily written by RB), a page with most useful and currently
relevant excerpts from john-users mailing list:

and a page with instructions on how to extract tarballs and apply John
the Ripper source code patches:

There's also a page on how to make and submit source code patches for
Openwall software, not limited to JtR:

Finally, we're using the community wiki to record and "export" some of
Openwall team's internal conventions, as well as tips & tricks:

So far, pages in the "internal" namespace include those on VIM, Mutt,
and ezmlm-idx settings and usage tips & tricks, and a few more.

I'd like to thank (GalaxyMaster) for setting up and administering the
wiki, and many others for their work on the content.

Please do join us on this community wiki!

2. The Openwall website section on password recovery has been updated
with information on recent ElcomSoft product changes:

The most notable changes are as follows:

Enterprise Edition of Advanced Office Password Breaker now includes a
DVD with pre-computed hash tables ("rainbow tables"), which enables it
to unlock 99.5% of Word documents in less than a minute.  Enterprise
Edition of Advanced PDF Password Recovery now includes revised
pre-computed hash tables on the DVD (improving upon the "rainbow tables"
technique), for 100% success rate at recovering "40-bit" PDF passwords
in a matter of minutes.  Professional Edition of Advanced EFS Data
Recovery is now able to locate master and private keys in deleted files,
and often also on re-formatted disks and overwritten Windows installs,
scanning the disk sector-by-sector and using patterns to locate the keys.

The corresponding web pages are:

3. A patched version of mod_auth_mysql with support for our PHP password
hashing framework's (phpass) portable hashes has been added to the
contributed resources list on the phpass homepage:

This one was indirectly contributed by Nikolay.

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ