Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 12 Apr 2019 22:35:48 +0100
From: Darren Wise <darren@...ecorp.co.uk>
To: john-users@...ts.openwall.com
Subject: Re: John the Ripper 1.9.0

Awesome! Thanks for the update :D

On 12/04/2019 20:27, Solar Designer wrote:
> Hi,
>
> I've just released John the Ripper 1.9.0, available from the usual place:
>
> https://www.openwall.com/john/
>
> These days, this original John the Ripper source tree serves primarily
> as the core tree for John the Ripper -jumbo.  A 1.9.0-jumbo-1 release
> based off this 1.9.0 core is coming shortly.  Meanwhile, the
> bleeding-jumbo branch on GitHub is already updated to the 1.9.0 core.
>
> While this is a major release (after almost 6 years since the 1.8.0 core
> release), the community's progress in development of jumbo has been so
> much greater that any changes I make to core are relatively small, as is
> core itself.  Yet they are important.  Besides serving as the core for
> jumbo, other uses of this tree include cases where core's functionality
> alone is still sufficient or where (cross-)compiling jumbo for a given
> target system is too difficult or (as a first step in) porting John the
> Ripper to an unusual new platform.
>
> The following changes have been made between John 1.8.0 and 1.9.0:
>
> * Increased the interleaving for bcrypt on x86-64 from 2x to 3x for a major
> speedup on CPUs without SMT.  Unfortunately, this sometimes results in a minor
> performance regression when running multiple threads on CPUs with SMT.
> * Recognize the $2b$ bcrypt prefix.
> * In the generic crypt(3) format, detect descrypt with valid vs. invalid salts
> as separate id's for our heuristics on supported hash types.
> * Introduced a number of optimizations for faster handling of large password
> hash files, including loading, cracking, and "--show".  Some of these use more
> memory than before, yet in a more efficient manner.
> * Benchmark using all-different candidate passwords of length 7 by default.
> * Dropped undocumented special handling of "Mc" in 'c' and 'C' rule commands.
> * Dropped undocumented limitation of the 'M' and 'Q' rule commands where they
> would sometimes memorize/check only up to the current hash type's length limit
> yet this optimization wouldn't necessarily be transparent (e.g., if a later
> command would extract a substring from above the hash type's length limit and
> bring it to within the limit).
> * Implemented special-case handling of repeated rule commands '$', '^', '[',
> ']', '{', and '}', as well as faster handling of the 'D' command.
> * When built with "--fork" support, disallow session names with all-digit
> suffixes since these clash with those produced by "--fork".
> * Forward SIGTERM to --fork'ed children.
> * Set stdout to line buffered (rather than potentially fully buffered), except
> for "--stdout", "--show", and auxiliary programs such as "unshadow".
> * On Windows, restore normal processing of Ctrl-C in case our parent (such as
> Johnny the GUI) had disabled it.
> * Added linux-x86*-avx512 and linux-x86*-avx2 make targets, which use
> respectively AVX-512 and AVX2 for bitslice DES.
> * Added linux-mic make target for Intel MIC (first generation Xeon Phi, aka
> Knights Corner), which uses its 512-bit SIMD intrinsics for bitslice DES.
> (For second generation Xeon Phi, aka Knights Landing, use linux-x86-64-avx512.)
> * Added linux-arm64le, linux-arm32le-neon, and linux-arm32le make targets.
> (The first two of these make use of ASIMD or NEON for bitslice DES.)
> * Added linux-sparc64 make target.
> * Made a minor optimization to MMX and SSE2 assembly code for LM hash.
> * Dropped Ultrix and SCO support.
> * Don't probe for alternate config file names (like john.ini when on Unix).
> * "DokuWiki" external mode sample has been added to the default john.conf.
> * Fixed operator precedence in the external mode compiler to be the same as C.
> * Fixed an out of bounds write bug in the external mode virtual machine.
> * Fixed a bug introduced in version 1.7.4 in the wordlist rules engine, where
> some sequences of rule commands could overflow a word buffer.
> * Fixed a bug where unaligned access SSE/AVX instructions would unnecessarily
> be generated by GCC 4.6+ in the bitslice DES code in non-OpenMP builds.
> * Fixed a bug where "Warning: no OpenMP support for this hash type" could be
> printed in "--stdout" mode.
> * Made assorted other bugfixes, portability and documentation enhancements.
>
> Please stay tuned for the 1.9.0-jumbo-1 release and announcement, which
> will be "the real one".  There's no way I'd be able to list jumbo's
> changes with the above level of detail - there have been way too many -
> but I plan on listing the release highlights.
>
> Alexander
-- 
WISECORP <https://wisecorp.co.uk>
Darren Wise
eMail: darren@...ecorp.co.uk <mailto:darren@...ecorp.co.uk>
www: https://wisecorp.co.uk

The company [ WISECORP ] accepts no liability for the content of this 
email, or for the consequences of any actions taken on the basis of the 
information provided, unless that information is subsequently confirmed 
in handwriting. If you are not the intended recipient you are notified 
that disclosing, copying, distributing or taking any action in reliance 
on the contents of this information is strictly prohibited.




---
This email has been checked for viruses by AVG.
https://www.avg.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.