[58] in Best-of-Security
BoS: John the Ripper v1.4
daemon@ATHENA.MIT.EDU (solar@IDEAL.RU)
Fri Mar 7 08:58:00 1997
Date: Tue, 4 Mar 1997 23:21:03 -0500
Reply-To: solar@IDEAL.RU
From: solar@IDEAL.RU
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
I'd like to announce the release of version 1.4 of my UNIX password cracker,
John the Ripper. It is currently available for UNIX (tested with Linux x86,
FreeBSD x86, Solaris 2.x SPARC, OSF/1 Alpha), DOS, WinNT/Win95.
New since version 1.3:
- MD5 based password files support;
- SPARC V8 assembly version;
- a lot of bugfixes.
You may wonder, why design one more password cracker, when we already have
Crack? Well, when I started working on John, Crack v4.1 was a bit outdated,
and I didn't know Crack v5.0 was going to be released. Actually, Crack v5.0
doesn't have much features added since v4.1, it is still lacking a cracking
mode John had from the very beginning -- trying all the possible character
combinations _in_a_reasonable_order_, using character frequencies based on
other real passwords. Crack7 supplied with Crack v5.0 is unlikely to crack
a password of 6 or more characters long (it's even supplied with these lines
commented out), while John is often able to crack non-word-based 8 character
passwords with this mode when running on a single CPU for a day or even less.
The encryption routines are also optimized (both the algorithm and the code),
and are faster than fcrypt() of libdes supplied with Crack v5.0.
However, I must admit that Crack has some features that John doesn't (for
example, the network management), and that I used some ideas from Crack and
other password crackers while developing John (for example, the wordlist
rules syntax). It is not like a competition (who makes the best password
cracker), but just an attempt to do some improvements.
Finally, John the Ripper v1.4 can be downloaded at:
http://www.false.com/security/john/
Signed,
Solar Designer
