Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 24 Jun 2010 15:28:37 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Supporting Hashes independent of OS

On Wed, Jun 23, 2010 at 06:50:45PM -0400, Robert Harris wrote:
> Why are the hashes the JtR supports dependent on OS it is running on?

Mostly, they are not.  There are a few exceptions to this, of which
SHA-crypt is the only notable one.  Prior to 1.7.6, there were no such
exceptions in the official JtR at all.

I am planning to get the crypto code for SHA-crypt into JtR itself, so
1.7.6's reliance on the underlying OS support for SHA-crypt is temporary.

It was suggested on this very mailing list that I integrate the generic
crypt(3) support into JtR anyway, in case it turns out to be handy on
another occasion (for other/custom/future hash types).  So I decided to
start with this generic solution (even if temporary for SHA-crypt)
rather than with specialized code for SHA-crypt specifically (that would
not depend on the OS).

So far, almost everyone who wanted to crack/audit SHA-crypt hashes
wanted to do so directly on one of the systems those hashes came from,
so I expected 1.7.6's limited SHA-crypt support to work well enough for
most of the users (and I think that it does).

> What are your thoughts on turning John the Ripper into a Java program?

This is a bad idea currently, but of course someone else may create a
"competing" Java program instead.  I wish good luck to them. ;-)

Maybe you thought that this would somehow make it easier to make JtR
independent of the OS support for password hashes?  Well, it would not.
It is easy enough to integrate existing pieces of C code and/or to use
OpenSSL in the current JtR (written in C).  Java does not make this any
easier.  I could have integrated Ulrich Drepper's public domain C code
for SHA-crypt into JtR fairly easily.  Maybe I should have, although I
had some reasons not to (unrelated to programming language choice; in
fact, this would be trickier to do in a language other than C/C++).

Thank you for your questions/feedback!

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.