Date: Tue, 16 Sep 2008 06:56:56 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: jumbo patch for 1.7.3.1
Hi,
I've released revision 3 and revision 4 of the jumbo patch for 1.7.3.1
yesterday. Revision 3 went under historical/ right away - the reason
why I released it at all was for "revision control" purposes, as well as
to have some better-tested / fallback code to recommend to those who
might report serious problems introduced with revision 4, if any.
Compared to revision 2, released back in August, revision 3 corrects two
problems reported via this mailing list:
* The "duplicate guesses" bug introduced with john-1.7.3.1-all-2 and
  reported by Adam Turk (the fix is exactly the same as
  john-1.7.3.1-all-2-lpsfix1.diff, which I posted before).
* The issue with non-guaranteed alignment for "static" variables under
  Cygwin, reported/confirmed by Random Intentions and SmarTeam Support.
Revision 4 adds:
* Support for HTTP Digest Access Authentication by Romain Raboin:
  http://www.openwall.com/lists/john-users/2008/08/27/2
* Support for OpenLDAP SSHA password hashes, extracted out of myjohn.tgz
  by bartavelle.
* "Markov" cracking mode, also extracted out of myjohn.tgz by bartavelle,
  which he nicely documented at:
  http://openwall.info/wiki/john/markov
All three of these additions include minor changes / bug fixes by me.
However, this time the patch was only tested on a few Linux systems, so
it is fairly likely that other issues with these three additions will
pop up when people start using it on non-Linux.
On Mon, Aug 25, 2008 at 10:10:08AM +0200, Simon Marechal wrote:
> The reason why I keep "my" tree public is that it's too tedious to
> produce clean patches, due to all the specific tweaks only I use.
> However, if you only want specific parts I could produce a proper patch.
Thank you! As you have figured out from the above, I decided to pull
whatever I reasonably could out of your myjohn.tgz myself.
> Currently, here are the differences between my stuff and the jumbo patch
> I know of:
> * probably less stable
Yes, I've fixed plenty of issues with your code that would result in
misbehavior in various cases (mostly on non-x86).
> * less ciphers supported, only tested with x86, x64 linux
Yet you had OPENLDAPS_fmt.c, which was not in the jumbo patch until now.
With that corrected, you still have these extras:
* domino4_fmt.c, domino5_fmt.c, domino_md.*, and the corresponding code in
  x86.S - I'm not sure how this compares to lotus5_fmt.c and DOMINOSEC_fmt.c,
  which are in the jumbo patch. Do these implement support for the exact
  same two things or not? How does said support differ - in terms of both
  functionality and performance?
* tightvnc_fmt.c - unused, and it looks unfinished - is that the case? Is
  this something to consider for inclusion (after it is made to work)?
> * markov-chains based password generator, and associated utilities
Right. This is now imported into 1.7.3.1-all-4. I dislike the way the
Makefile is hacked to build the extra utilities, though.
> * usage of the SSE functions when they are available
Can you possibly identify those cases where you have optimized assembly
code and the latest jumbo patch does not - and post a list in here, or
maybe submit a patch (to be applied on top of the jumbo patch) right away?
> * a shortcut for the netlm cipher (part of the original LM hash could be
> bruteforced. It could be possible to crack it almost as fast as the
> original LM hash)
Where is this hack found in your code, exactly? Is there any info on it
that would enable people to use it?
> * an optimized "old lotus" implementation for x86
Yes. I will probably want to have this in the jumbo patch if it really
is faster.
> * some tweaks which I find useful, such as printing the lines that have
> not been found when doing -show
This specific one is not acceptable as-is because it is a significant
change of program behavior and there's no option to turn it on or off.
IIRC, someone included a cleaner implementation in a patch announced in
here, but I was not merging stuff into the jumbo patch myself at the
time, so it was not included... I would probably be OK with merging a
patch that would enhance the --show option with some parameters, leaving
the default behavior intact. The same goes about the long-standing
request for selecting a wordlist ruleset to use from the command-line.
While the official JtR might implement these things in a different and
incompatible fashion eventually, I am fine with having a "temporary"
implementation in the jumbo patches.
I can't comment on other "tweaks" in myjohn.tgz because I don't know
what they are (and I am too lazy to review and make sense of all the
changes now, especially given that some changes are unintentional).
> I believe that the most useful thing that I have and that is not part of
> the jumbo patch is the markov generator, which is more effective than
> -inc (for my usage, and especially for slow ciphers) and lets you
> manually but easily distribute work.
OK, this one has been merged. :-)
Thanks,
Alexander