Date: Sat, 26 Dec 2009 16:42:28 +0300
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, john-users@...ts.openwall.com
Subject: [openwall-announce] JtR 1.7.4 and jumbo patch update

Hi,

John the Ripper 1.7.4 is out, along with its corresponding jumbo patch
update.  This is a development version focusing on many improvements to
the word mangling rules engine.

http://www.openwall.com/john/
http://www.openwall.com/john/#contrib

The changes since 1.7.3.4 are as follows:

* Support for back-references and "parallel" ranges has been added to
the word mangling rules preprocessor.

* The notion of numeric variables (to be used for character positions
and substring lengths along with numeric constants supported previously)
has been introduced into the rules engine.  Two pre-defined variables
("l" for initial or updated word's length and "m" for initial or
memorized word's last character position) and 11 user-defined variables
("a" through "k") have been added.  Additionally, there's a new numeric
constant: "z" for "infinite" position or length.

* New rule commands have been added: "A" (append, insert, or prefix with
a string), "X" (extract a substring from memory and insert), "v"
(subtract and assign to a numeric variable).

* New rule reject flags have been added: ":" (no-op, for use along with
the "parallel" ranges feature of the preprocessor) and "p" (reject
unless word pair commands are allowed, for sharing of the same ruleset
between "single crack" and wordlist modes).

* Processing of word mangling rules has been made significantly faster
in multiple ways (caching of the current length, less copying of data,
code and data placement changes for better branch prediction and L1
cache usage, compiler-friendly use of local variables, code
micro-optimizations, removal of no-op rule commands in an initial pass).

* The default rulesets for "single crack" and wordlist modes have been
revised to make use of the new features, for speed, to produce fewer
duplicates, and to attempt additional kinds of candidate passwords (such
as for years 2010 through 2019 with "year-based" rules).

* The idle priority emulation code has been optimized for lower overhead
when there appears to be no other demand for CPU time.

* The default for the Idle setting has been changed from N to Y.

Speaking of the jumbo patch, besides having been updated to the new
version of JtR it includes only one change: a bug fix patch for
mysql_fmt.c and mysql05_fmt.c by JimF.

Please test and provide your feedback on the john-users mailing list.
Specifically, you may want to benchmark 1.7.3.4 vs. 1.7.4 with their
different john.conf files, as well as with 1.7.3.4's old john.conf file
(which should be valid for 1.7.4 as well).  That way, you'll separate
the effect of code optimizations within JtR vs. that of changes to the
rulesets and to the Idle setting.

You may also benchmark JtR 1.7.4 with Idle=Y (the new default) vs.
Idle=N.  I am specifically interested in such benchmarks on systems
other than Linux.  I might need to reconsider the change of default for
some or for all systems if it causes a significant slowdown on some
systems without much other load.

By "benchmarking", I refer to actual cracking runs (with the same
initial john.pot contents), not just "john --test".  The latter should
be unaffected by the changes between 1.7.3.4 and 1.7.4.

Enjoy, and please don't forget to provide your feedback!

Alexander
