Date: Wed, 27 Apr 2011 05:09:47 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: GSoC 2011 accepted projects; Summer of Security; new mailing lists Hi, I sent the below announcement to our announce@ list, but since it's also relevant to JtR and since there's surprisingly little overlap between subscribers of the two lists, I am also sending it in here. Three of the five students we accepted will work on JtR-related tasks (including two directly on JtR). Also, JtR builds and works fine with musl instead of glibc (at least 1.7.7 will - I committed some fixes relevant to this). As announced previously, Openwall is participating in Google Summer of Code 2011 (GSoC). We've accepted 5 great student projects, which I'll announce below. However, many more students had applied, and we'd love to work with some of those who we couldn't accept specifically under the GSoC program. Thus, our own Summer of Security program is born: http://openwall.info/wiki/summer-of-security This is inspired by similar programs run by some other GSoC mentoring organizations. (The name Summer of Security was suggested by Donnie Berkholz of Gentoo - thanks!) Initially, we intend to focus on GSoC students who we would have accepted under slightly different circumstances, but almost anyone else is welcome to apply (please refer to the wiki page above for details). We welcome non-code contributions as well. Now, the GSoC students who will work with us this summer, and their projects (in "ideas page" order): Vasiliy Kulikov will work on Linux kernel hardening, producing patches both for latest mainline kernels and for RHEL6/OpenVZ kernels (which we're going to use in Owl). Thus, he is to work with LKML, Red Hat, and OpenVZ folks, as well as with others involved/interested (Ubuntu, Gentoo, grsecurity/PaX). As many of you are aware, Vasiliy has been with Openwall since last year and he intends to stay involved after GSoC 2011, which is important since this project is likely to proceed beyond the end of summer. Vasiliy is already starting the work: http://www.openwall.com/lists/owl-dev/2011/04/23/1 Dhiru Kholia, who had contributed some John the Ripper patches before, has chosen to work on the "support more non-hashes" task now. In fact, he has already implemented a SSH private key passphrase cracker as a JtR patch (this early implementation is far from clean and is quite limited, but it's a good start): http://www.openwall.com/lists/john-dev/2011/04/26/2 http://openwall.info/wiki/john/patches http://openwall.info/wiki/john/non-hashes Lukas Odzioba is to work on GPU-accelerated support for "slow" hashes in John the Ripper. To get started (and selected for GSoC), he implemented JtR patches that crack SHA-256 ("fast") and 5000 iterations of SHA-256 ("slow") hashes on NVidia GPUs (currently implemented in CUDA). (As expected, without changes to JtR core, good efficiency is only achieved for "slow" hashes.) Lukas is currently working on phpass hashes. http://www.openwall.com/lists/john-dev/2011/04/14/3 http://openwall.info/wiki/john/GPU Yuri Gonzaga is to work on a new password hashing method for servers, including an FPGA implementation. He has already implemented bcrypt on FPGA as his qualification task: http://openwall.info/wiki/john/FPGA Project rationale: http://www.openwall.com/lists/crypt-dev/2011/04/05/2 Luka Marcetic will work with Rich Felker (mentor) to implement standard C library unit tests, which will be used to test current and future versions of musl, glibc, and other implementations: http://openwall.info/wiki/musl/unit-tests Additions to this wiki page are welcome. In fact, Luka has already implemented one of the tests as his qualification task: http://www.openwall.com/lists/musl/2011/04/14/3 (this code will need to be cleaned up and wrapped in a testing framework). Many other students contributed code as well. As I wrote above, we intend to work with some of them under Summer of Security. The ideas page has been revised to note which projects are claimed under GSoC 2011, and to link to mailing list postings and wiki pages with relevant contributions: http://openwall.info/wiki/ideas Then, we've setup three new mailing lists (two of which have already been indirectly mentioned above): crypt-dev (design and implementation of a new password hashing method for servers), musl (discussions around musl, a new standard C library for Linux), and sabotage (discussions around Sabotage Linux, an experimental distribution based on musl and BusyBox). The archives and subscription form are available here: http://www.openwall.com/lists/ Last but not least, I'd like to thank Google for continuing to sponsor Open Source projects - and even increasing the budget this year, accepting as many as 175 mentoring organizations and 1116 students. Some of the students may get into Open Source specifically due to this program. I would also like to thank Nmap, Gentoo, and coreboot projects (established GSoC mentoring organizations) for the assistance they have provided us (a new GSoC mentoring organization). http://google-opensource.blogspot.com/2011/04/students-announced-for-2011-google.html http://nmap.org http://www.gentoo.org http://www.coreboot.org Did you know that coreboot can embed a Linux kernel+initrd or a cryptographically enhanced bootloader (GRUB2 with patches) into the mainboard flash/BIOS chip to get a secure boot without relying on signature verification code stored on disk? (I didn't.) Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.