While our primary focus is in development of information security related free software, information security research, publications, and community activities aimed at making existing free software safer to use, we also offer a number of services as a means to try to fund said non-commercial activities.
The services include:
Software integration support
We'd be happy to assist your company with integration of our software into your infrastructure and/or your software, as well as with subsequent maintenance and support. This service is especially relevant for our password security software such as yescrypt and passwdqc.
You may request further work on a particular project we have, request a particular feature you may be interested in, request a certain bit of work on third-party free software, or request an entirely new piece of software to be developed. Normally, the resulting software will be free and available to everyone, not just you; this is one thing that helps us keep your costs down.
Source code reviews for security vulnerabilities
You distribute a software product? Offer an (online) service using custom software (such as scripts producing dynamic content on your website)? Intend to use a piece of third-party software for a sensitive task? We have the experience necessary to review the overall design of the software from a security standpoint, conduct comprehensive source code audits for known classes of vulnerabilities, review the use and implementation of cryptographic techniques and the design and implementation of custom communication protocols (if applicable). We will provide you (or your development team) with information on how to deal with the issues found, or, in some cases, we may patch the software ourselves.
Remote information security consulting
We may consult you or your IT staff on information security issues, in particular those related to network design, network equipment and server OS deployment and use. We may also help you define a security policy, or help investigate and deal with a particular security incident. With a long-term partnership, we may keep you informed on new security issues being discovered that affect your particular systems or network, help you do security policy enforcement, and handle incident response.
Our prices vary on a case by case basis. Whenever hourly billing is applicable, the pricing for our consulting services ranges from $150/hour to $250/hour (US dollars), with the lower rates available for work on free software and/or with a long-term commitment. There's a three-hour minimum.
Please e-mail <services at openwall.com> for a price quote as well as to actually order a service and arrange payment.
If you're looking for technical support for our software, the proper contact e-mail addresses are given in the documentation for each software package. For general support or if you have difficulty locating a more specific address, please e-mail <needhelp at openwall.com>. We strive to provide excellent response time for those who have purchased a product or service from us (please be sure to include your order number or other identifying information).
However, please note that we do not provide password recovery services. Please do not bother contacting us with such requests. And no, JtR Pro is not a password recovery tool - rather, it is primarily a tool for systems administrators and security consultants to audit (large) user/password databases (containing password hashes) to identify weak passwords. The free JtR -jumbo includes some advanced end-user password recovery functionality (for local files only, not for remote accounts), but we do not provide support on it. That said, if you already got JtR working on your own and merely need to tune it to perform better in your specific case, then you may join the john-users mailing list and ask the friendly community in there.