headers
Daniel Beard | 1 Apr 2011 03:48
Picon

Questions about JtR

Hi everybody,

I'm working on a project that utilizes a part of JtR, specifically bitslice
DES (CPU) and eventually (if I don't write it) bitslice DES for GPUs.
Everything else is my own code. In particular there's an algorithm that I've
translated from PHP to C++ and is lacking a key part namely the DES
encryption. So, I have a few general questions since I'm stuck.

1) Am I allowed to use parts from JtR in a seperate project (again, namely
bitslice DES)?
2) Are the Windows binaries cross compiled from a Linux host?
3) The "arch.h" file included in the DES source is that generated by gcc,
make or something else?

That's all I can think of right now.

Regards,
Daniel
Permalink | Reply | 3 comments |
headers
Solar Designer | 1 Apr 2011 14:16
Favicon

Re: Questions about JtR

Hi Daniel,

On Thu, Mar 31, 2011 at 08:48:25PM -0500, Daniel Beard wrote:
> 1) Am I allowed to use parts from JtR in a seperate project (again, namely
> bitslice DES)?

Yes, but your "derived software" has to be placed under GPLv2.

If you'd like to use another license, you need to either negotiate that
with me (as the copyright holder) or reuse only those parts of the
source code that are readily available under less restrictive terms (for
bitslice DES, this means the DES S-box expression files - nonstd.c and
sboxes*.c - but not any other files).

> 2) Are the Windows binaries cross compiled from a Linux host?

No, they're normally compiled on Windows with Cygwin.  (With the jumbo
patch, they may also be compiled with MinGW - also natively on Windows.)

> 3) The "arch.h" file included in the DES source is that generated by gcc,
> make or something else?

The Makefile symlinks or copies one of the arch-specific files to that
name, or with "make generic" it actually invokes a program to generate
the file.

Alexander

P.S. You chose a non-informative message Subject.  Please try to do
better next time (if/when you start another thread). ;-)
(Continue reading)

Permalink | Reply | 2 comments |
headers
JimF | 4 Apr 2011 08:14
Picon

perl script to generate test hashes

I have built a perl script and have added many of the formats handled by 
john.  This script will write out john readable password hashes.

There are still a few formats not handled, and I have not undertaken the 
md5_gen() format (yet).   However, I am posting it now, even though it is 
not quite done, so that others can find use for it.

Adding new formats to this script is easy (if you understand the format). 
Simply add a new string to the  <at> funcs array at the start of the file, then 
add a new sub at the bottom of the file.  The sub at bottom MUST be same 
name as the  <at> funcs array, but the sub's name MUST be lower case.  The string 
in the  <at> funcs must be same letters, but case does not matter.   The 
subroutine in the bottom, will be passed the password (as $_[0] first and 
only argument)  Reading many of the other functions should give an idea of 
what is required.

To use the script is easy.  All password input is from stdin (if you do not 
redirect a file, the script will propt for input).  You can list as many 
'done' formats as you want on the command line.  The script will generate a 
list of password hashes for each type.

So if you did:

gen_pass.pl des xsha mscash < words.dict > hashes.txt

Then in hashes.txt, there would be 3 'blocks' of hashes, a block for Unix 
DES, a block for Mac X-SHA and a block for mscash.  Each of these will have 
random salts (if needed), and each word out of words.dict will be a password 
hash for that format.
(Continue reading)

Permalink | Reply | 1 comment |
headers
Daniel Beard | 4 Apr 2011 05:21
Picon

Re: Questions about JtR

Hey,

Thanks. So I've come up with a few more questions:

1) What's the difference between DES_bs and DES_bs_c?
2) I understand how to set a salt for DES_bs, but I'm totally confused as to
how to which function or combination to use on a plaintext key. (If this
needs to be it's own thread then I'll make a new one with a proper title)

>P.S. You chose a non-informative message Subject.  Please try to do
>better next time (if/when you start another thread). ;-)

Noted. My questions were too general for me to categorize effectively. From
now on most questions will center around use of DES.
Permalink | Reply | 1 comment |
headers
Solar Designer | 4 Apr 2011 15:27
Favicon

Re: Questions about JtR

Daniel,

On Sun, Apr 03, 2011 at 10:21:44PM -0500, Daniel Beard wrote:
> 1) What's the difference between DES_bs and DES_bs_c?
> 2) I understand how to set a salt for DES_bs, but I'm totally confused as to
> how to which function or combination to use on a plaintext key. (If this
> needs to be it's own thread then I'll make a new one with a proper title)

Please join john-dev and bring these questions up in there.  Although
you're not exactly developing John itself, the topic is appropriate for
john-dev, but not for john-users (anymore).  Let's not annoy John
end-users with discussions of the source code when we have a separate
list for that.

Thanks,

Alexander
Permalink | Reply | 0 comments |
headers
joseph varghese | 5 Apr 2011 05:05
Picon
Subject: Re: Interface for John

Re: Interface for John

I've updated my gui and I've uploaded the source code to
https://github.com/jvc007/john-gui . The program now does nothing as I'm
trying to run john inside  a thread. But would it reduce the speed of john?
Permalink | Reply | 4 comments |
headers
Aleksey Cherepanov | 5 Apr 2011 11:29
Picon

Re: Interface for John

Your sources are great. But i did not find a license. Do you use any
license? In other words, is your code under any license?

I do not think that John's speed may be reduced due to running in a
thread because while you start and wait it in other thread John runs in
other process (of course if you did not integrate John into your
program). I do not know about process priority that was started from a
thread but i think it is like any other process that was just started.

Regards,
Aleksey Cherepanov
Permalink | Reply | 3 comments |
headers
joseph varghese | 5 Apr 2011 14:55
Picon

Re: Interface for John

Thanks for your help aleksey.
No my code isn't under any license. I would publish it under any license
that is suitable for the john the ripper project.
Permalink | Reply | 2 comments |
headers
Aleksey Cherepanov | 5 Apr 2011 16:12
Picon

Re: Interface for John

I think that license suitable for John is described in licensing section
on the gsoc ideas page: http://www.openwall.info/wiki/ideas#Licensing .

By the way, as i know, terms of service (tos) of google code and github
forces you to share code under any osi approved license. (I do not know
is it ok to use public domain for your code there but i think if any
problems occur it is possible to solve it with dual licensing.)

Regards,
Aleksey Cherepanov
Permalink | Reply | 1 comment |
headers
jfoug | 5 Apr 2011 23:53
Picon

RE: perl script to generate test hashes

>From: JimF Sent: Monday, April 04, 2011 1:14 AM
>
>I have built a perl script and have added many of the formats handled by
>john.  This script will write out john readable password hashes.

... Clip

I have finished up a v1.01 on this script. Added are md5_gen functions.  
To generate the 'built-in' md5-gen's, add the command line of md5_gen=0 to 
md5_gen=20  and it will process md5_gen(0) to (20) [the current built in 
types].

I have also added a parser to generate non-builtin types.  The easiest 
way to see the syntax, is to simply run the script, using md5_gen as one
of the command line arguments.  Even though md5_gen is one of the types,
it requires extra parameters, and thus, will output a usage message.

To do this format:  md5($p.$s.md5($s.$p).md5($p))  add this command line

./gen_hash.pl md5_gen=salt=true,num=1040,format=
md5($p.$s.md5($s.$p).md5($p))

And the script will generate the lines. The salt will be 6 characters,
randomly chosen. The length of the salt can be varied (with saltlen=#),
but here, we do not specify, so it uses the default.

The hashes which can be done, are any of these:
md5(), md4(), sha1(), MD5() returns base16 in upper case, MD4() SHA1(),
md5_64 returns hash in base-64, md4_64() and sha1_64().   I will probably
add md5_raw(), md4_raw() and sha1_raw() at some time, so that formats such
(Continue reading)

Permalink | Reply | 0 comments |

Gmane