Date: Sun, 16 Sep 2018 16:50:50 +0200 From: Solar Designer <solar@...nwall.com> To: Claudio Andr?? <claudioandre.br@...il.com> Cc: john-users@...ts.openwall.com Subject: Re: John the Ripper on Windows (includes OpenCL on Windows) Hi Claudio, Thank you for posting this in here, and sorry for trying to get you into a discussion on a mailing list again (I'll CC you, as I understand you're not currently subscribed). On Sat, Sep 15, 2018 at 10:04:28AM -0300, Claudio Andr?? wrote: > I would say that if you need John for Windows you should use > https://rebrand.ly/JtRWin64 : > - it is 100% JtR magnum's source code; > - it is built and tested on an actual (and auditable) Windows machine; > - it works on CMD, no need to install CygWin, ... > - I (tried, at least, to) handled all details; Great, thanks! In what way is that Windows machine "auditable"? Isn't it a third-party machine that we know little about? I'm also concerned about the third-party link redirect service and third-party file download hosting service (even if same company as the CI service where we build these). Anyway, this is better than nothing for those knowingly accepting the risk, so I've just added such links to: https://openwall.info/wiki/john/custom-builds Even though I didn't verify these downloads in any way (beyond my https client checking the certificate's validity, which passed), I've just added copies to: https://download.openwall.net/pub/projects/john/contrib/windows/ which is linked not only from our wiki, but also from JtR homepage: https://www.openwall.com/john/#contrib Since the original filenames were non-informative, I've renamed the files as follows: mv win_x64.zip john-18.104.22.168-jumbo-b7eae75d7-win64.zip mv lib_x64.zip john-22.214.171.124-jumbo-b7eae75d7-win64-libs.zip My intent is to enable people to download this specific revision, which will hopefully be reasonably usable for a while, without incurring the risk of using third-party build, download, and link redirect services for each additional download. (That risk would have been incurred just once: when this specific build was made and when I downloaded it.) Since my trust in these unofficial builds is limited, I am not PGP-signing them. Unfortunately, this also means that if our server is compromised, we might serve compromised downloads with no easy way for users to detect that. Ideally, we should be making builds that we could trust, and would be willing to sign. > - CygWin OpenCL DLL needs proper ICD information; Most relevant is this comment: https://github.com/magnumripper/JohnTheRipper/issues/3191#issuecomment-404051085 "arcfide commented on Jul 11 Okay, I got this fixed up. If you see claudioandre-br's comment, that's where ICD Vendor files are mentioned. He also gives a working example of a build that seems to work. I've got this working now on the current build. It doesn't require any hard hacks, but I did figure out that the OpenCL drivers with Cygwin don't work without an ICD Vendor file. That means that there has to be a location to find such files. That means that the OpenCL support works on Windows if you run JtR from inside of a Cygwin installation. To make this work for me on Windows, I installed Cygwin with OpenCL, and then created the /etc/OpenCL/vendors/nvidia.icd file that included the Cygwin path to nvopencl.dll mentioned above. After I did that, I ran JtR from inside of the Cygwin Terminal, which mounts and makes available the /etc/ directory. That has fixed things, and I can now see all of my devices and I can run JtR on the GPU with the appropriate speedups." Claudio, I notice that your win_x64.zip includes: 33 08-09-18 18:42 etc/OpenCL/vendors/amd.icd 33 08-09-18 18:42 etc/OpenCL/vendors/nvidia.icd BTW, somehow it also includes what's probably a left-over from testing: 99286 08-09-18 18:43 run/john.log 355 08-09-18 18:43 run/john.pot >  The readme is at > https://github.com/claudioandre-br/packages/blob/master/john-the-ripper/readme.md#windows Thanks. I also took this opportunity to add more links to your Ubuntu snap package, which you also documented in there. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.