John the Ripper 1.9.0-jumbo-1, a new version of the oldest supported password cracker (the project has been developed since 1996), has been released. Since the last version, 1.8.0-jumbo-1, was released 4.5 years ago, over 6000 changes (git commits) were made by over 80 developers. Thanks to continuous integration, including testing of pull requests on multiple platforms, the developers recommended during that time using the current code from GitHub, which remained stable despite the volume of commits. Most of the code is available under the 0-clause BSD license, but the project as a whole is covered by the GPLv2 license.
The new version features FPGA support (in addition to CPU, GPU and Xeon Phi). For ZTEX 1.15y boards with 4 FPGA chips each, initially used mostly for Bitcoin mining, 7 types of password hashes are now implemented: bcrypt, classic descrypt (including bigcrypt), sha512crypt, sha256crypt, md5crypt (including Apache apr1 and AIX smd5), Drupal7 and phpass (used in WordPress in particular). Some of these are implemented on FPGA for the first time.
For bcrypt, the achieved performance of ~119k c/s at 2^5 iterations ($2b$05) with a power consumption of ~27 watts is significantly better than the results for the latest GPUs per board, per hardware price and per watt. Clusters of this type of board are also supported, verified with up to 16 boards (64 FPGA chips) controlled from a single Raspberry Pi 2. The usual John the Ripper functionality is supported, including all password cracking modes and simultaneous loading of a large number of hashes.
To speed up the work, mask mode (including in combination with other modes) and comparison of the computed hashes with the loaded ones are implemented on the FPGA side. On the implementation side, many of the designs (e.g. sha512crypt and Drupal7) use blocks consisting of multi-threaded processor cores (soft CPU cores) that interact with cryptographic cores. Development of this functionality was led by Denis Burykin in coordination with other jumbo developers.
Other important changes:
Support for many additional types of hashes, ciphers, etc., including classic password hashes (like those from newer versions of QNX), cryptocurrency wallets, encrypted archives and encrypted file systems (like Bitlocker and FreeBSD geli), as well as support for new variants of previously supported formats (like the addition of bcrypt-pbkdf support for OpenBSD softraid) and more. In total, 80 formats on the CPU and 47 on OpenCL have been added. The total number of formats is now 407 on the CPU (or 262 not including dynamic formats configurable from configuration files) and 88 on OpenCL.
Dropping support for the CUDA language in favor of OpenCL, which does not prevent NVIDIA GPUs from being fully used (and even helps by focusing development and optimizations on a single GPU implementation of each format instead of the two implementations maintained previously).
Support for new SIMD instruction sets AVX2, AVX-512 (including for second generation Xeon Phi) and MIC (for first generation), and more universal and complete use of SIMD in many format implementations, including use of previously supported instruction sets up to AVX and XOP on x86(-64) and NEON, ASIMD and AltiVec on ARM, Aarch64 and POWER, respectively.
Numerous optimizations for CPU and OpenCL, both for more efficient handling of large numbers of hashes simultaneously (e.g., 320 million SHA-1 hashes were verified to load on GPU) and for speeding up hash computation. Some of these optimizations are universal, some cover different subsets of formats, and many are specific to individual formats.
Auto-tuning of the optimal buffering of candidate passwords on CPU (tune=auto verbosity=5) and of the optimal work sizes on OpenCL (enabled by default), accounting for the slow ramp-up to full speed of NVIDIA GTX 10xx series and newer GPUs. Real loaded hashes and the real length of the candidate passwords (when it is known in advance) are used for this auto-tuning.
A compiler for dynamic expressions, specified directly on the command line, that implement new hybrid hash types such as format=dynamic=sha1(md5($p).$s), computed on the CPU using SIMD. Dozens of fast hashes (from common ones like MD5 to moderately exotic ones like Whirlpool), substring concatenation, encoding and decoding, character case conversions, references to the password, salt and username, and string constants are supported as components of such expressions.
Eliminates unwanted differences from hashcat, including support for previously hashcat-specific rules (wordlist rule commands), switching to OpenCL device numbering from 1, applying the same default password lengths (usually length 7) in performance tests.
New cracking modes, including PRINCE from hashcat (generates phrases by concatenating several words in ascending order of total length), subsets (tries passwords that contain too few different characters, even if those characters come from a large set of possible ones) and hybrid external (allows external modes, described in C-like configuration files, to generate many candidate passwords from each base word coming from another mode). Several new predefined external modes have also been added.
Additional options for using multiple modes simultaneously (stacking one on top of another) as well as stacking of wordlist rules.
Improvements to mask mode (gradual stretching of the mask within a specified length range, applying the mask on the OpenCL device or FPGA board side) and single crack (reasonable behavior on devices that compute a large number of hashes in parallel, which was previously lacking in this mode, as well as memory consumption limitations).
Many improvements related to Unicode and other encodings support in different subsystems.
Many improvements to *2john programs (converting files in different formats for use with john), especially wpapcap2john (handles WiFi traffic).
Many new command line options, settings in john.conf, configure script options and related new features, not all of which can be mentioned here.
Improved code quality through built-in support for debug builds with AddressSanitizer (supported previously) and UndefinedBehaviorSanitizer (added), the addition of a built-in format fuzzer (as part of GSoC 2015), and the use of continuous integration (builds on dozens of operating system and compiler combinations, with tests that all formats are supported correctly in each).
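The dynamic expression compiler listed above accepts expressions such as sha1(md5($p).$s). The following Python sketch is an added example, not code from John the Ripper: it evaluates a small subset of that syntax so an auditor can confirm which expression matches an application's stored hashes before an audit. It assumes that a nested hash contributes its lowercase hex text and that $u names the username; the function names and sample values are constructed for illustration.

```python
import hashlib
import re

# Hash functions this sketch understands; John's compiler supports dozens more.
HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}
TOKEN = re.compile(r"\s*(\$[psu]|[a-z0-9]+(?=\()|[().])")

def tokenize(expr):
    expr, pos, out = expr.strip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        out.append(m.group(1))
        pos = m.end()
    return out

def evaluate(expr, password, salt=b"", user=b""):
    """Return the lowercase hex digest that an expression such as sha1(md5($p).$s) denotes."""
    tokens = tokenize(expr)
    variables = {"$p": password, "$s": salt, "$u": user}  # $u is an assumption

    def term(i):
        tok = tokens[i] if i < len(tokens) else None
        if tok in variables:
            return variables[tok], i + 1
        if tok in HASHES and tokens[i + 1:i + 2] == ["("]:
            data, i = concat(i + 2)
            if tokens[i:i + 1] != [")"]:
                raise ValueError("missing ')'")
            # Assumption: a nested hash contributes its lowercase hex text.
            return HASHES[tok](data).hexdigest().encode(), i + 1
        raise ValueError(f"unexpected token {tok!r}")

    def concat(i):
        data, i = term(i)
        while tokens[i:i + 1] == ["."]:  # '.' concatenates components
            more, i = term(i + 1)
            data += more
        return data, i

    result, end = concat(0)
    if end != len(tokens) or tokens[0] not in HASHES:
        raise ValueError("expression must be one outer hash call")
    return result.decode()

# Constructed sample values, not taken from any real system.
SAMPLE_PASSWORD, SAMPLE_SALT = b"correct horse", b"Nb7q"
```

Calling evaluate("sha1(md5($p).$s)", SAMPLE_PASSWORD, SAMPLE_SALT) returns the 40-character hex digest for that scheme; malformed expressions raise ValueError.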