Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 18 Jul 2008 14:58:38 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Subject: [openwall-announce] community wiki; notable ElcomSoft product changes; mod_auth_mysql with support for phpass

Hi,

This is to announce several assorted items at once.  I intend to post
another announcement shortly, focusing on new JtR releases, so I have
left those out of this one.

1. A while ago, we've setup the Openwall community wiki:

	http://openwall.info

The idea is to have a wiki "namespace" for each of our major projects,
maybe resembling the structure of the main Openwall website - e.g., we
have namespaces for Owl and John the Ripper.  Users of our software and
Openwall team members can populate those namespaces with relevant
content.  If you have something relevant to share, please register for a
wiki account and edit away!

Some content is already in place, including a table of John the Ripper
benchmarks on various hardware:

	http://openwall.info/wiki/john/benchmarks

The fastest system in the table is currently based on a Q6700 CPU
running a 64-bit Linux distribution.  This one achieves an equivalent of
just over 2.5 million of traditional DES-based crypt(3) checks per
second per core, but since this CPU is quad-core, this translates to
over 10 million of checks per second per CPU chip, with proper
parallelization.  The slowest is an iPod, which does around one
thousand of traditional crypt(3)'s per second.  If you have a system
substantially different from those listed, please submit your results.

Other wiki pages within John the Ripper namespace include a page on
simple approaches to parallelization and on existing efforts to
introduce parallel processing and distributed processing into JtR:

	http://openwall.info/wiki/john/parallelization

(primarily written by RB), a page with most useful and currently
relevant excerpts from john-users mailing list:

	http://openwall.info/wiki/john/mailing-list-excerpts

and a page with instructions on how to extract tarballs and apply John
the Ripper source code patches:

	http://openwall.info/wiki/john/how-to-extract-tarballs-and-apply-patches

There's also a page on how to make and submit source code patches for
Openwall software, not limited to JtR:

	http://openwall.info/wiki/how-to-make-patches

Finally, we're using the community wiki to record and "export" some of
Openwall team's internal conventions, as well as tips & tricks:

	http://openwall.info/wiki/internal

So far, pages in the "internal" namespace include those on VIM, Mutt,
and ezmlm-idx settings and usage tips & tricks, and a few more.

I'd like to thank (GalaxyMaster) for setting up and administering the
wiki, and many others for their work on the content.

Please do join us on this community wiki!

2. The Openwall website section on password recovery has been updated
with information on recent ElcomSoft product changes:

	http://www.openwall.com/passwords/

The most notable changes are as follows:

Enterprise Edition of Advanced Office Password Breaker now includes a
DVD with pre-computed hash tables ("rainbow tables"), which enables it
to unlock 99.5% of Word documents in less than a minute.  Enterprise
Edition of Advanced PDF Password Recovery now includes revised
pre-computed hash tables on the DVD (improving upon the "rainbow tables"
technique), for 100% success rate at recovering "40-bit" PDF passwords
in a matter of minutes.  Professional Edition of Advanced EFS Data
Recovery is now able to locate master and private keys in deleted files,
and often also on re-formatted disks and overwritten Windows installs,
scanning the disk sector-by-sector and using patterns to locate the keys.

The corresponding web pages are:

	http://www.openwall.com/passwords/microsoft-office
	http://www.openwall.com/passwords/adobe-pdf
	http://www.openwall.com/passwords/microsoft-windows-ntfs-efs

3. A patched version of mod_auth_mysql with support for our PHP password
hashing framework's (phpass) portable hashes has been added to the
contributed resources list on the phpass homepage:

	http://www.openwall.com/phpass/

This one was indirectly contributed by Nikolay.

Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.