Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 16 Sep 2018 16:50:50 +0200
From: Solar Designer <solar@...nwall.com>
To: Claudio Andr?? <claudioandre.br@...il.com>
Cc: john-users@...ts.openwall.com
Subject: Re: John the Ripper on Windows (includes OpenCL on Windows)

Hi Claudio,

Thank you for posting this in here, and sorry for trying to get you into
a discussion on a mailing list again (I'll CC you, as I understand
you're not currently subscribed).

On Sat, Sep 15, 2018 at 10:04:28AM -0300, Claudio Andr?? wrote:
> I would say that if you need John for Windows you should use
> https://rebrand.ly/JtRWin64 [2][3]:
> - it is 100% JtR magnum's source code;
> - it is built and tested on an actual (and auditable) Windows machine;
> - it works on CMD, no need to install CygWin, ...
> - I (tried, at least, to) handled all details;

Great, thanks!  In what way is that Windows machine "auditable"?  Isn't
it a third-party machine that we know little about?  I'm also concerned
about the third-party link redirect service and third-party file
download hosting service (even if same company as the CI service where
we build these).  Anyway, this is better than nothing for those
knowingly accepting the risk, so I've just added such links to:

https://openwall.info/wiki/john/custom-builds

Even though I didn't verify these downloads in any way (beyond my https
client checking the certificate's validity, which passed), I've just
added copies to:

https://download.openwall.net/pub/projects/john/contrib/windows/

which is linked not only from our wiki, but also from JtR homepage:

https://www.openwall.com/john/#contrib

Since the original filenames were non-informative, I've renamed the
files as follows:

mv win_x64.zip john-1.8.0.13-jumbo-b7eae75d7-win64.zip
mv lib_x64.zip john-1.8.0.13-jumbo-b7eae75d7-win64-libs.zip

My intent is to enable people to download this specific revision, which
will hopefully be reasonably usable for a while, without incurring the
risk of using third-party build, download, and link redirect services
for each additional download.  (That risk would have been incurred just
once: when this specific build was made and when I downloaded it.)

Since my trust in these unofficial builds is limited, I am not
PGP-signing them.  Unfortunately, this also means that if our server is
compromised, we might serve compromised downloads with no easy way for
users to detect that.

Ideally, we should be making builds that we could trust, and would be
willing to sign.

> - CygWin OpenCL DLL needs proper ICD information;

Most relevant is this comment:

https://github.com/magnumripper/JohnTheRipper/issues/3191#issuecomment-404051085

"arcfide commented on Jul 11

Okay, I got this fixed up. If you see claudioandre-br's comment, that's where ICD Vendor files are mentioned. He also gives a working example of a build that seems to work. I've got this working now on the current build.

It doesn't require any hard hacks, but I did figure out that the OpenCL drivers with Cygwin don't work without an ICD Vendor file. That means that there has to be a location to find such files. That means that the OpenCL support works on Windows if you run JtR from inside of a Cygwin installation.

To make this work for me on Windows, I installed Cygwin with OpenCL, and then created the /etc/OpenCL/vendors/nvidia.icd file that included the Cygwin path to nvopencl.dll mentioned above. After I did that, I ran JtR from inside of the Cygwin Terminal, which mounts and makes available the /etc/ directory. That has fixed things, and I can now see all of my devices and I can run JtR on the GPU with the appropriate speedups."

Claudio, I notice that your win_x64.zip includes:

       33  08-09-18 18:42   etc/OpenCL/vendors/amd.icd
       33  08-09-18 18:42   etc/OpenCL/vendors/nvidia.icd

BTW, somehow it also includes what's probably a left-over from testing:

    99286  08-09-18 18:43   run/john.log
      355  08-09-18 18:43   run/john.pot

> [2] The readme is at
> https://github.com/claudioandre-br/packages/blob/master/john-the-ripper/readme.md#windows

Thanks.  I also took this opportunity to add more links to your Ubuntu
snap package, which you also documented in there.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.