John the ripper 1.7.4 released

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

JPEG - 2.4 kb

The following changes have been made between John 1.7.3.4 and 1.7.4:

  • Support for back-references and "parallel" ranges has been added to the
    word mangling rules preprocessor.
  • The notion of numeric variables (to be used for character positions
    and substring lengths along with numeric constants supported previously)
    has been introduced into the rules engine. Two pre-defined variables
    ("l" for initial or updated word’s length and "m" for initial or
    memorized word’s last character position) and 11 user-defined variables
    ("a" through "k") have been added. Additionally, there’s a new numeric
    constant: "z" for "infinite" position or length.
  • New rule commands have been added: "A" (append, insert, or prefix with a
    string), "X" (extract a substring from memory and insert), "v" (subtract
    and assign to a numeric variable).
  • New rule reject flags have been added: ":" (no-op, for use along with the
    "parallel" ranges feature of the preprocessor) and "p" (reject unless word
    pair commands are allowed, for sharing of the same ruleset between "single
    crack" and wordlist modes).
  • Processing of word mangling rules has been made significantly faster in
    multiple ways (caching of the current length, less copying of data, code
    and data placement changes for better branch prediction and L1 cache usage,
    compiler-friendly use of local variables, code micro-optimizations,
    removal of no-op rule commands in an initial pass).
  • The default rulesets for "single crack" and wordlist modes have been
    revised to make use of the new features, for speed, to produce fewer
    duplicates, and to attempt additional kinds of candidate passwords (such
    as for years 2010 through 2019 with "year-based" rules).
  • The idle priority emulation code has been optimized for lower overhead when
    there appears to be no other demand for CPU time.
  • The default for the Idle setting has been changed from N to Y.

Post scriptum


Comments