Date: Tue, 15 Jun 2010 09:19:22 +0400
From: Solar Designer <>
Subject: 1.7.6-jumbo-2


I've updated the jumbo patch to John the Ripper 1.7.6.  I started with a
mere update to the new version, resulting in john-1.7.6-jumbo-1.  This
revision of the patch was shortly moved to historical/ (where it can be
found now), replaced by 1.7.6-jumbo-2.

1.7.6-jumbo-2 integrates jmk's john-1.7.5-jumbo-3-netv2-fix.diff from:

It also fixes a number of other issues with contributed code that I had
integrated previously.  Specifically, "make generic" should work again
(it does for me), which was broken with JimF's changes.  Also, I've
changed the default for --fix-state-delay to be 0 (disabling this
optimization), because a higher default resulted in an interrupted and
restored session re-doing a lot of work (even if interrupted cleanly!)
when cracking slow and salted hashes.  Those of you cracking raw MD5
hashes and the like with large wordlists may specify this option with a
non-zero argument explicitly (the old default was 64).

Besides the fixes, I've integrated the following old contributions:
john-1.6.krb4.patch-3.gz, john-1.6.skey.patch-1.gz (these two were
contributed in 1999-2000 by Dug Song), john-1.7-digestmd5-1.diff.gz
(contributed in 2006 by regenrecht), and Perl scripts from
john-1.6-nsldaps4.diff.gz (the C code from this patch was already

The Kerberos v4 TGT module, after my updates for compatibility with
OpenSSL 0.9.7+, should be actually functional - at least it builds
cleanly and the tests pass.  Also, the tgtsnarf program gets built just
fine.  I imagine that it'll fail to build on some of the systems
otherwise supported by JtR, though, because it is the only one in JtR
that makes use of sockets.

The S/Key module, as integrated, is completely untested.  To enable it,
add/uncomment -DHAVE_SKEY and -lskey in the Makefile, then build and
test on a system with the S/Key library (perhaps a *BSD).

The DIGEST-MD5 authentication module is poorly implemented, but I
decided to integrate everything that I could anyway, so it finally got
in.  It requires that the authentication data to attack be specified
right in DMD5_fmt.c at compile-time.  This module specifies no tests,
hence it is excluded from the benchmarks/testing by default (and it
fails the test with "no data" if forced).

As usual, any feedback is welcome.

