While our primary focus is development of information security related free software, information security research, publications, and community activities aimed at making existing free software safer to use, we also offer a number of services as a means to fund said non-commercial activities.
The services include:
Software integration support
We'd be happy to assist your company with integration of our software into your infrastructure and/or your software, as well as with subsequent maintenance and support. This service is especially relevant for our password security software such as yescrypt and passwdqc.
You can request further work on a particular project we have, request a particular feature you might be interested in, request a certain bit of work on third-party free software, or request an entirely new piece of software to be developed. Normally, the resulting software will be free and available to everyone, not just you; this is one thing that helps us keep your costs down.
Software design and code review for security vulnerabilities
You distribute a software product? Offer an (online) service using custom software? Intend to use a piece of third-party software for a sensitive task? We have the experience necessary to review the overall design of the software from a security standpoint, conduct comprehensive source code audits for known classes of vulnerabilities, review the use and implementation of cryptographic techniques and the design and implementation of custom communication protocols (if applicable). We will provide you (or your development team) with information on how to deal with the issues found, or, in some cases, we might patch the software ourselves.
Password recovery for encrypted archives, filesystems, keychains, wallets, etc.
This is a service we generally don't offer, but due to the popularity of our John the Ripper password cracker we're often asked to and we occasionally make exceptions. You'd have to have a copy of the encrypted data (we can't recover passwords to remote Internet services such as e-mail and social network accounts, unless you have those stored locally in encrypted form), provide justification that you're authorized to have the password, and be prepared for likely failure (such as if the password is strong and you can't recall enough of it for us to recover the rest). Your budget needs to be at least in thousands of dollars or equivalent (which generally means that you need this for business or the lost data is very valuable to you). For many kinds of encrypted data, we have software that will enable us to attempt password recovery without you having to share the actual data with us. (We realize that this doesn't fit most people's password recovery needs, and we're sorry about that, but accommodating those would be too much of a distraction from our core business.)
Our current pricing is US $250/hour (3 hours minimum) or US $9,000/week (effectively $225/hour, which is a 10% volume discount for pre-ordered "weeks" of 40 hours of effort each). We also offer fixed price quotes for sufficiently specific projects. By advance agreement, we can fix the rate or price and accept payment in other major currencies, or accept payment in a major cryptocurrency.
Please e-mail <services at openwall.com> for a price quote as well as to actually order a service and arrange payment.
If you're looking for (free) technical support for our software, the proper contact e-mail addresses are given in the documentation for each software package. For general support or if you have difficulty locating a more specific address, please e-mail <needhelp at openwall.com>. We strive to provide excellent response time for those who have purchased a product or service from us (please be sure to include your order number or other identifying information).
Please note that with the exception above, we generally do not offer password recovery services. And no, JtR Pro is not a password recovery tool - rather, it is primarily a tool for systems administrators and security consultants to audit (large) user/password databases (containing password hashes) to identify weak passwords. The free JtR -jumbo includes some advanced end-user password recovery functionality (for local files only, not for remote accounts), but we generally do not provide support on that. That said, if you already got JtR working on your own and merely need to tune it to perform better in your specific case, then please join the john-users mailing list and ask the friendly community in there.