Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 21 Sep 2009 10:10:14 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Subject: [openwall-announce] JtR 1.7.3.4 and new JtR patches; crypt_blowfish, phpass updates

Hi,

This is to announce several somewhat-related news items at once.  Some
of these appeared on the Openwall website earlier:

http://www.openwall.com/news

1. I've released John the Ripper 1.7.3.4, along with an update of the
jumbo patch to this new version.  Besides adding proper links to these
new releases, I've also revised the JtR homepage to make it more focused
on the currently relevant stuff:

http://www.openwall.com/john/
http://www.openwall.com/lists/john-users/2009/09/08/1

The changes made since 1.7.3.1 are intended primarily for use by
packagers of JtR, such as for *BSD "ports" and Linux distributions:

http://www.openwall.com/john/doc/CHANGES.shtml

Since version 1.7.3.1 has existed for a year and proved to be reliable,
and since the changes between 1.7.3.1 and 1.7.3.4 are so minor, 1.7.3.4
is being declared the new "stable" release.

2. We have sort of a stable version of the jumbo patch now.  The
previous update, to version 1.7.3.1-all-6, was bugfix-only, and the new
update to 1.7.3.4-jumbo-1 was just that, a mere update.

http://www.openwall.com/lists/john-users/2009/08/31/1

I recommend everyone packaging JtR to update to 1.7.3.4 (and include
running "make check" with its exit code check on your package build)
and, if you have been including the jumbo patch, update that to the
newly released version as well.

3. Erik Winkler has contributed Win32 and Mac OS X builds of John the
Ripper 1.7.3.1 with revision 6 of the jumbo patch.  These are now found
on the contributed resources list on the John the Ripper homepage:

http://www.openwall.com/john/#contrib
http://www.openwall.com/lists/john-users/2009/09/01/10

4. Many unofficial John the Ripper patches have been developed lately,
including JimF's generic MD5-based hash support stuff found on the wiki,
and my generic crypt(3) support patch intended primarily as an interim
solution for cracking the new glibc/Fedora/Ubuntu "SHA-crypt" hashes.

JimF's contributions:

http://www.openwall.com/lists/john-users/2009/09/06/2
http://openwall.info/wiki/john/patches

My generic crypt(3) support patch:

http://www.openwall.com/lists/john-users/2009/09/02/3

also available as john-1.7.3.1-generic-crypt-1.diff.gz in the FTP
contrib directory:

ftp://ftp.openwall.com/pub/projects/john/contrib/

Sorry, I haven't gotten around to integrating any of these into the
jumbo patch yet (and it is not certain that all are suitable for that).

5. I've released minor updates of our password hashing frameworks,
crypt_blowfish 1.0.3 (C/C++) and phpass 0.2 (PHP).  Additionally,
Dmitry V. Levin has developed a patch integrating crypt_blowfish into
glibc 2.10.1, now linked from the crypt_blowfish homepage.  (Previously,
only patches for older versions of glibc were available.)

http://www.openwall.com/crypt/
http://www.openwall.com/phpass/

That's all for now as it relates to our password security stuff. :-)

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ