Stephen John Smoogen | 1 Jun 2012 21:02

Re: "Password security: past, present, future" presentation slides are now online

On 31 May 2012 21:17, Solar Designer <solar@...> wrote:
> Hi,
>
> PHDays 2012 was great!
>
> The slides from my "Password security: past, present, future" talk are
> now online:
>
> http://www.openwall.com/presentations/PHDays2012-Password-Security/
>
> You may also download them in PDF format.
>
> I ended up not focusing on the future as much as I had intended to,
> largely because I simply could not fit that in 50 minutes while also
> providing sufficient background info for people to understand the
> problems that I am proposing how to solve.  There are 9 slides focusing
> on the future, out of a total of 52.  Nevertheless, I think overall the
> experiment went well, and the future part may be expanded in a new
> revision of the presentation - maybe if the speaker is given more than
> 50 minutes or/and the audience is readily familiar with the problems.
>
> I'd appreciate any comments.

Wow that is a lot of information and background. I forgot about the
old Crypt based off the WWII crypto device. Also the information on
the changes from when I dropped out of security in 1994 and 2004 was
very interesting. In general I have found that people end up saying
put 1-5 minutes per slide because of questions and asides. So this is
actually 3 different lectures packed into one. [Far past state,
present state, future state.] One thing I would have been interested

Aleksey Cherepanov | 1 Jun 2012 21:22

Aleksey's status report #6

I am sorry for such a late status report.

Since Saturday I was busy with an urgent task at university. Then I got a
break for the contest. Currently I should finish my diploma work as
soon as possible. So I will not be able to do my project here till
Monday or even a bit more. I hope this will not affect my project on
the whole.

Leadership during the contest is a very interesting experience for me.
It showed me the other side of the process. My general view was changed
significantly. Though it does not affect MJohn much. There are only
a few things that I'd like to change a bit.

I'd like to add a general todo list into MJohn. It should not be hard
with request-tracker.

Also I'd like to pull chat in. Though it is not important. The important
part here is to have a secure channel for fast and fluid coordination
available for all team members.

Done

>>>> - Collaboration tools research
> - Investigate request-tracker

I investigated request-tracker. It seems to fit our needs well. I'd
like to look into other solutions but I doubt that will give much. So
I postpone it till implementation of the server side. Then we'll see.

To do

Lukas Odzioba | 2 Jun 2012 00:25

Re: john.conf options subsections

2012/5/29 magnum <john.magnum@...>:
> In Jumbo, we currently have no subsections of Options in john.conf. In
> next Jumbo (magnum-jumbo git repo), we have [Options:OpenCL]. I'm
> contemplating the introduction of a couple new ones (suggested by Frank
> several times and I think someone else too wanted it):

Could you please tell me how these OpenCL settings are used in code?
Or where can I find a usage example?
I wanted to move all my KEYS_PER_CRYPT to common-opencl.h. But moving
it to john.conf seems to be a better idea.

P.S. We should get rid of KPC :)

Lukas

Frank Dittrich | 2 Jun 2012 02:01

Re: bash completion for john and unique

On 05/21/2012 10:24 AM, Frank Dittrich wrote:
> I created a bash completion script for John the Ripper which supports
> bash completion for john (official releases and jumbo versions) 

Unfortunately, nobody replied to that mail.
This either means, nobody is interested in bash completion for john, my
last mail was too confusing, or everybody was happy with my script and
didn't find any problems.

Anyway, meanwhile a lot has been changed.

Attached to this mail is the newest version of the script.
(This version is not yet available in magnum's git repository, but I
hope this will not take very long - unless magnum finds bugs in my code.)

The bash completion script now not only supports completion for
--option=val, but also for abbreviated forms --opt=val or -opt=val as
well as options with a colon instead of an equal sign as a separator:
--option:val, -opt:val, and so on.

The location of the script will also change when the next jumbo is released.

My previous mail in this thread describes how to enable bash completion,
and how to adjust completion according to your preferences:

http://openwall.com/lists/john-users/2012/05/21/1

Please test the bash completion, so that I can fix bugs prior to the
next jumbo release.


Oscar Schultz | 2 Jun 2012 16:49

Introduction to the list

Hello to the list members.

I am Oscar Schultz.
My interest in john-the-ripper is to get it to run on the IBM Z hardware.
The OS is SuSE 11 SP 1. The cpu is an IBM Z IFL.

Hopefully someone on the list can help me with the best.sh step to generate a 
basic arch.h.

The make step runs without error return codes.
Trying a make clean generic fails after the detect step in the best.sh step.

The error message is :
./best.sh "make" \
                "DES_fmt.o DES_std.o" \
                "DES_bs_b.o" \
                "MD5_fmt.o MD5_std.o" \
                "BF_fmt.o BF_std.o"
./best.sh: line 20: 60033 Illegal instruction     ./detect $MODE 1 0 0 0 0 0 > arch.h
./best.sh: line 20: 60034 Illegal instruction     ./detect $MODE 1 0 0 0 0 0 > arch.h
./best.sh: line 20: 60035 Illegal instruction     ./detect $MODE 1 0 0 0 0 0 > arch.h
./best.sh: line 20: 60036 Illegal instruction     ./detect $MODE 1 0 0 0 0 0 > arch.h
./best.sh: line 20: 60037 Illegal instruction     ./detect $MODE 1 0 0 0 0 0 > arch.h
./best.sh: line 33: 60038 Illegal instruction     ./detect $DES_BEST 0 0 0 0 0 0 > arch.h

Solar Designer | 3 Jun 2012 03:40

Re: "Password security: past, present, future" presentation slides are now online

On Fri, Jun 01, 2012 at 01:02:12PM -0600, Stephen John Smoogen wrote:
> [...] this is
> actually 3 different lectures packed into one. [Far past state,
> present state, future state.]

Yes.  I thought of making them separate (or rather past+present is one
and future is another), but that would not match PHDays schedule, and
even if it would, then some people attending the future would not have
listened to past+present before, and vice versa (I imagine some would
get bored during a 50-minute past+present and miss the interesting
future stuff as a result).

A video is now available at:

http://digitaloctober.com/event/positive_hack_days

Scroll down to "Day two. Broadcast of the main event", then choose
"13:59 Alexander (Solar designer) Peslyak, Password security: past,
present, future".  I haven't checked it out myself yet, though, since
they require Flash and won't just let me download the video. ;-(
So I don't know if it's any good. ;-)  I was speaking Russian, and there
was (supposed to be) synchronous translation to English (which I imagine
was really tough for the translator given the topic and the pace!)  Yet
the slides were in English only, as you have seen.  This choice had been
agreed upon as the best with the event organizers, given that over 90%
of the audience was Russian-speaking, but could read technical English.
The online videos are (supposed to be) in both languages (you choose).

> One thing I would have been interested
> in was not as much the cryptographic speed ups as the guessing

NeonFlash | 3 Jun 2012 21:58

JtR 1.7.9-Jumbo-5 Compiling Issues

I am trying to compile JtR 1.7.9-Jumbo-5 on Ubuntu 11.04 and facing issues.

I was able to compile JtR 1.7.9 successfully and I am using it, however, with the community enhanced
version, I face some issues as mentioned below.

Here are the details and my observations:

compiled using:

make -j8 linux-x86-sse2

errors are as follows:

gcc -c -Wall -O2 -fomit-frame-pointer -I/usr/local/include  -DHAVE_CRYPT -DHAVE_DL -funroll-loops dynamic_fmt.c
gcc -c -Wall -O2 -fomit-frame-pointer -I/usr/local/include  -DHAVE_CRYPT -DHAVE_DL -funroll-loops rawSHA224_fmt.c
gcc -c -Wall -O2 -fomit-frame-pointer -I/usr/local/include  -DHAVE_CRYPT -DHAVE_DL -funroll-loops rawSHA256_fmt.c
gcc -c -Wall -O2 -fomit-frame-pointer -I/usr/local/include  -DHAVE_CRYPT -DHAVE_DL -funroll-loops rawSHA384_fmt.c
rawSHA256_fmt.c:7:30: fatal error: openssl/opensslv.h: No such file or directory
compilation terminated.
make[1]: *** [rawSHA256_fmt.o] Error 1
make[1]: *** Waiting for unfinished jobs....
rawSHA384_fmt.c:7:30: fatal error: openssl/opensslv.h: No such file or directory
compilation terminated.
make[1]: *** [rawSHA384_fmt.o] Error 1

Observations:

In rawSHA256_fmt.c and the files for other hash types, it is using the header file opensslv.h, present inside
the openssl directory. It fails since it is not able to locate these files.


Stephen John Smoogen | 3 Jun 2012 22:08

Re: JtR 1.7.9-Jumbo-5 Compiling Issues

On 3 June 2012 13:58, NeonFlash <psykosonik_frequenz@...> wrote:
> I am trying to compile JtR 1.7.9-Jumbo-5 on Ubuntu 11.04 and facing issues.
>

>
> Can someone help me with these compiling and linking issues?
>
> Thanks.

You need to install the openssl devel libraries. I believe that will be

apt get libssl-devel

--

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Frank Dittrich | 3 Jun 2012 22:24

Re: JtR 1.7.9-Jumbo-5 Compiling Issues

On 06/03/2012 10:08 PM, Stephen John Smoogen wrote:
> On 3 June 2012 13:58, NeonFlash <psykosonik_frequenz@...> wrote:
>> I am trying to compile JtR 1.7.9-Jumbo-5 on Ubuntu 11.04 and facing issues.
> 
> you need to install the openssl devel libraries. I believe that will be
> 
> apt get libssl-devel

Maybe this requirement should be mentioned in the jumbo version of
doc/README. Or should it be mentioned in doc/INSTALL instead?

Frank

NeonFlash | 4 Jun 2012 06:39

Re: JtR 1.7.9-Jumbo-5 Compiling Issues

Thank you. It worked for me.

apt-get install libssl-dev

And it installs the libssl dev headers.

We need to do this even if we have openssl installed on the Linux machine.

Hope this helps someone else also facing the same issue.

________________________________
 From: Frank Dittrich <frank_dittrich@...>
To: john-users@... 
Sent: Monday, June 4, 2012 1:54 AM
Subject: Re: [john-users] JtR 1.7.9-Jumbo-5 Compiling Issues

On 06/03/2012 10:08 PM, Stephen John Smoogen wrote:
> On 3 June 2012 13:58, NeonFlash <psykosonik_frequenz@...> wrote:
>> I am trying to compile JtR 1.7.9-Jumbo-5 on Ubuntu 11.04 and facing issues.
> 
> you need to install the openssl devel libraries. I believe that will be
> 
> apt get libssl-devel

Maybe this requirement should be mentioned in the jumbo version of
doc/README. Or should it be mentioned in doc/INSTALL instead?

Frank
