John the Ripper 1.9.0-jumbo-1 with FPGA support

A new version of John the Ripper, the oldest password cracker still supported, has been released: 1.9.0-jumbo-1. (The project has been in development since 1996.) The sources are available for download from the project page, along with ready-made builds for Windows.

The announcement notes that 4.5 years have passed since the release of version 1.8.0-jumbo-1, during which more than 6000 changes (git commits) were made by more than 80 developers. During this period, the developers recommended using the current revision from GitHub, which was kept stable despite the ongoing changes thanks to continuous integration, including a preliminary check of each change (pull request) on many platforms. The headline feature of the new version is support for FPGAs in addition to CPUs, GPUs and Xeon Phi.


For ZTEX 1.15y boards, which carry 4 FPGA chips each and were originally used mainly for Bitcoin mining, 7 types of password hashes are now implemented: bcrypt, classic descrypt (including bigcrypt), sha512crypt, sha256crypt, md5crypt (including Apache apr1 and AIX smd5), Drupal7 and phpass (used, in particular, in WordPress). Some of them are implemented on FPGA for the first time. For bcrypt, the achieved performance of ~119k c/s at 2^5 iterations ("$2b$05") with a power consumption of about 27 watts significantly outperforms the latest GPUs per board, per hardware price, and per watt. Clusters of these boards are also supported and have been tested with up to 16 boards (64 FPGAs) controlled from a single Raspberry Pi 2. The usual John the Ripper functionality is supported, including all password guessing modes and loading a large number of hashes at the same time. To speed things up, masks ("--mask" mode, including in combination with other modes) are applied on the FPGA side, and the computed hashes are compared with the loaded ones on the FPGA side as well. In terms of implementation, many of the designs (for example, those for sha512crypt and Drupal7) use blocks consisting of multi-threaded processor cores (soft CPU cores) interacting with cryptographic cores. The development of this functionality was led by Denis Burykin in coordination with other jumbo developers.

Other major changes:

  • Support for a large number of additional hash types, ciphers and so on, including classic password hashes (for example, from new versions of QNX), cryptocurrency wallets, encrypted archives and encrypted file systems (for example, Bitlocker and FreeBSD geli), as well as new varieties of previously supported formats (for example, bcrypt-pbkdf support for OpenBSD softraid has been added) and much more. In total, 80 formats have been added on the CPU and 47 on OpenCL (a small number of old ones were removed, either because they were merged into new ones or because they became obsolete). The total number of formats is now 407 on the CPU (or 262 not counting "dynamic" formats configured from configuration files) and 88 on OpenCL.
  • Removal of CUDA support in favor of OpenCL, which does not hinder full use of NVIDIA GPUs in the least (and even helps, because development and optimization now focus on one GPU implementation of each format instead of the previous two).
  • Support for new SIMD instruction sets - AVX2, AVX-512 (including for the second generation of Xeon Phi) and MIC (for the first generation) - as well as more universal and complete use of SIMD in implementations of many formats, including the use of previously supported instruction sets up to AVX and XOP on x86(-64) and NEON, ASIMD and AltiVec on ARM, Aarch64 and POWER, respectively. (Partly within GSoC 2015.)
  • Numerous optimizations for CPU and OpenCL, both to work more efficiently with a large number of hashes at the same time (for example, loading 320 million SHA-1 hashes on the GPU) and to increase the speed of hash calculation. Some of these optimizations are universal, some cover various subsets of formats, and many are format-specific.
  • (Auto-)tuning of the buffering of candidate passwords on the CPU ("-tune=auto --verbosity=5") and of the work sizes on OpenCL (enabled by default), including allowance for the slow return to full operating frequency of NVIDIA GTX 10xx series and newer GPUs. Auto-tuning uses the actual loaded hashes and the actual length of the candidate passwords (when it is known in advance).
  • A "dynamic expressions" compiler: an expression given directly on the command line implements a new hybrid hash type, for example "--format=dynamic='sha1(md5($p).$s)'", which is computed on the CPU using SIMD. Dozens of fast hashes (from common ones like MD5 to mildly exotic ones like Whirlpool), substring concatenation, encoding and decoding, character case conversion, references to the password, salt and username, and string constants are supported as components of such expressions.
  • Elimination of undesirable differences from hashcat, including support for wordlist rule commands that were previously hashcat-specific, numbering of OpenCL devices from 1, and use of the same default password lengths (usually length 7) for performance tests.
  • New cracking modes, including PRINCE from hashcat (generates "phrases" by concatenating multiple words in ascending order of total length), subsets (brings forward passwords that use too few distinct characters, even if those characters come from a large set of possible ones) and hybrid external (allows external modes, described in configuration files in a C-like language, to generate many candidate passwords from each base "word" received from another mode). Several new predefined external modes have also been added.
  • Additional features for using several modes at the same time (one on top of the other - stacking), as well as for such use of rule sets (wordlist rules stacking).
  • Improvements to mask mode (gradual stretching of the mask over a specified range of lengths, applying the mask on the OpenCL device or FPGA board) and to single crack mode (reasonable behavior on devices that compute a large number of hashes in parallel, for which this mode previously did not have enough candidate passwords, as well as limits on memory consumption).
  • Many improvements in support for Unicode and other encodings in various subsystems.
  • Many improvements to the *2john programs (which convert files of various formats for use with john), especially wpapcap2john (handles WiFi traffic).
  • Many new command line options, john.conf settings, configure script options, and their corresponding new features, not all of which have been mentioned here.
  • Improved code quality through built-in support for debug builds with AddressSanitizer (present previously) and UndefinedBehaviorSanitizer (added), a built-in format fuzzer (within GSoC 2015), and continuous integration (builds for dozens of operating system and compiler combinations, each tested for correct support of all formats).
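
To make the dynamic expression notation from the list above concrete, here is a small evaluator for the subset used in the example sha1(md5($p).$s), useful when auditing a legacy application to confirm which nested scheme its stored hashes follow. It is an example added here, not John the Ripper's compiler; the names evaluate, HASHES and TOKEN are hypothetical, and it assumes every hash call returns lowercase hex.

```python
import hashlib
import re

# Subset of primitives for illustration; the page says dozens are supported.
HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1,
          "sha256": hashlib.sha256, "sha512": hashlib.sha512}
# Function name (only when followed by "("), variable, string constant, punctuation.
TOKEN = re.compile(r"[a-z0-9]+(?=\()|\$[psu]|'[^']*'|[().]")

def evaluate(expr, password, salt=b"", user=b""):
    """Return hex for an expression such as sha1(md5($p).$s).
    Assumption: every hash call yields lowercase hex, so a nested hash
    passes its hex text (not raw digest bytes) to the enclosing call."""
    tokens = TOKEN.findall(expr)
    if "".join(tokens) != expr:            # something was not tokenised
        raise ValueError("unsupported syntax: %r" % expr)
    tokens.append("")                      # end-of-input sentinel
    variables = {"$p": password, "$s": salt, "$u": user}
    pos = 0

    def term():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok in variables:
            return variables[tok]
        if tok.startswith("'"):
            return tok[1:-1].encode()      # string constant
        if tok in HASHES and tokens[pos] == "(":
            pos += 1
            inner = concat()
            if tokens[pos] != ")":
                raise ValueError("missing ')' in %r" % expr)
            pos += 1
            return HASHES[tok](inner).hexdigest().encode()
        raise ValueError("unexpected %r in %r" % (tok, expr))

    def concat():
        nonlocal pos
        out = term()
        while tokens[pos] == ".":          # "." concatenates terms
            pos += 1
            out += term()
        return out

    result = concat()
    if tokens[pos] != "":
        raise ValueError("trailing input in %r" % expr)
    return result.decode()
```

Stacking fast hashes this way adds only one more cheap hash call per guess, which is why such schemes are treated as fast hashes rather than as key stretching.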

Source: linux.org.ru
