1. Is your feature request related to a problem? Please describe

The goal is to force the use of all bash scripts as pinned dependencies. Then, increase traceability.

Pinned dependencies reduce several security risks:

• ensure that verification and deployment are done with the same software, simplifying debugging and allowing reproducibility;
• can help mitigate compromised dependencies that undermine project security;
• they are one way to combat dependency confusion attacks

2. Describe the solution you'd like

Refactor the scripts and use pinned ones.

3. Describe alternatives you've considered

We will create a first attempt followed by improvements. The ultimate goal is to print the checksums of the scripts used within the logs.

As seen in openwall/john#4852

I have intalled John on my ubuntu 20 machine using snap, I have the following version:
John the Ripper 1.9.0-jumbo-1 OMP [linux-gnu 64-bit x86_64 AVX2 AC]

I crack some passwords.
But now I want to use --show to see these passwords:

ask@Garsy:~/Notes/TA/AppliedInfoSec/PassCracking$ john --show passwords_md5.txt
0 password hashes cracked, 6826 left
And john claims that no passwords have been cracked. This seems strange.

I tried looking in the john.pot file, only to find out that there is none!

The i386 architecture has been removed in core22 (snap) and from flathub (flatpak).

Windows packages were discontinued in #16

1. Is your feature request related to a problem? Please describe.

Verify your app ID to indicate that your Flathub upload is approved by the app developer. You'll need to prove that you have control of the app via a website on the app's domain or by checking access to the app's account on a source code hosting site. The verified badge will be shown alongside the app name, publisher name, and the way that the app ID was verified.

2. Describe the solution you'd like

Create a page at https://openwall.com/.well-known/org.flathub.VerifiedApps.txt containing the following token:

67ab019e-c4e8-456f-80ca-ad89b7d4121d

If it is necessary to become a publisher of the application on Flathub (or on snap/Launchpad), the person must go to johh's repository on Flathub (or to Lauchpad, where the build takes place, and to the snapcraft store) and request this.

We never know when shit happens

1. Is your feature request related to a problem? Please describe.

Sooner or later ARM will be (perhaps already is) a very important player even in the cloud.

2. Describe the solution you'd like

Real build based on NVIDIA ARM64 Docker image.

Target CPU ......................................... aarch64 ASIMD, 64-bit LE
AES-NI support ..................................... no
Target OS .......................................... linux-gnu
Cross compiling .................................... no
Legacy arch header ................................. arm64le.h

Optional libraries/features found:
Memory map (share/page large files) ................ yes
Fork support ....................................... yes
OpenMP support ..................................... yes (not for fast formats)
OpenCL support ..................................... yes
Generic crypt(3) format ............................ yes
OpenSSL (many additional formats) .................. yes
libgmp (PRINCE mode and faster SRP formats) ........ yes
128-bit integer (faster PRINCE mode) ............... yes
libz (7z, pkzip and some other formats) ............ yes
libbz2 (7z and gpg2john bz2 support) ............... yes
libpcap (vncpcap2john and SIPdump) ................. yes
Non-free unrar code (complete RAR support) ......... yes
librexgen (regex mode, see doc/README.librexgen) ... no
OpenMPI support (default disabled) ................. no
Experimental code (default disabled) ............... no
ZTEX USB-FPGA module 1.15y support ................. no

Documenting for future reference, from upstream Cygwin:

Therefore we recommend using 32 bit Cygwin only in limited scenarios, with only a minimum of necessary packages installed, and only if there's no way to run 64 bit Cygwin instead.

You have been warned. If you're still sure you really need a 32 bit Cygwin, and there's absolutely no way around it, you may run the setup-x86.exe installer.

JtR developers will no longer support 32-bit builds on Windows sooner or later.

1. Is your feature request related to a problem? Please describe.

It is going to be nice if we can integrate John the Ripper with AI tools:

• Q&A bot;
• code review (the best now seems to be ChatGPT CodeReviewer).

2. Describe the solution you'd like

It would be interesting to see the reviews these tools can produce, since we don't have a lot of eyeballs.

3. Describe alternatives you've considered

I will try "Senior Dev AI Bot" to see how it behaves and performs. It can be a step that an OSS can afford.

No apk:

• To create an apk package I need several files created by Android Studio. A lot.
• And I need to add support for CMake.

I tested the build and created a zip for Android X86 and another for Android ARM.

1. Is your feature request related to a problem? Please describe.

Mute linter warnings

2. Describe the solution you'd like

Make this work like a pro

SYSTEM_WIDE='--with-systemwide'
X86_REGULAR="--disable-native-tests $SYSTEM_WIDE"
X86_NO_OPENMP="--disable-native-tests $SYSTEM_WIDE --disable-openmp"

./configure $X86_NO_OPENMP --enable-simd=sse2   && do_build ../run/john-sse2

Is there a reasonable solution?

To make the build process faster, remove builds that target SIMD extensions that are older than 10 years.

Remove builds for:

• ssse3
• sse4.1
• sse4.2
• xop (I found no XOP in recent AMD CPUs) [1]
• deprecate sse2 or avx in the next 3-5 years
  SSE2 if we give up old hardware, AVX if we stop caring about outdated hardware.

Well, I've seen some timeouts in my build spot (instances) farm infrastructure.

The new fallback chain would be:

• AVX512BW -> AVX512F -> AVX2 -> AVX -> SSE2 (x 2 = 10 binaries).

Do this after the next (rolling) release.

[1] BTW: no one seems to have ever compared XOP and AVX in the john-users list. Is XOP really faster than AVX?

At least, BitDefender.

• the build uses a Windows 2016 Azure (Official) image;
  • created by Azure team. Anyone can audit the image.
• Cygwin needs to be installed. Cygwin is installed via Chocolatey.

To ensure that the package is safe:

VirusTotal

MetaDefender

Jotti

I just noticed that we have some donation badges/links in here. Looks like two lead nowhere, and one to the 0-Day Clothing store for Openwall/JtR apparel. The latter used to include a $10 donation in t-shirt prices that we intended to use for sending free t-shirts to project contributors, which we once did, but we haven't actually done so again for years (maybe wrongly!), leaving these funds with 0-Day Clothing. It looks like they no longer collect those donations now (quite reasonably). I should probably follow up with them on that, but anyhow we're not currently collecting any donations, so shouldn't currently have such badges/links.

I may enable GitHub Sponsors later, but even if so I was thinking of requesting support only from organizations (so with pre-tax money), not from individuals.

I noticed a big performance impact when testing on CircleCI. Upon reviewing I realized that I can't reproduce the issue locally, but I can using the cloud. Below, using Microsoft's cloud.

Latest version:

$ docker run -it ghcr.io/openwall/john:latest best    --test=10 --format=SHA512crypt
 best --test=10 --format=SHA512crypt
Sorry, AVX512BW is required for this build
Sorry, AVX512F is required for this build
Will use /john/run/john-avx2
Will run 8 OpenMP threads
Benchmarking: sha512crypt, crypt(3) $6$ (rounds=5000) [SHA512 256/256 AVX2 4x]... (8xOMP) DONE
Speed for cost 1 (iteration count) of 5000
Raw:    3280 c/s real, 682 c/s virtual

Previous version:

$ docker run -it ghcr.io/openwall/john:v1.9.0J2_J36.7 best    --test=10 --format=SHA512crypt
 best --test=10 --format=SHA512crypt
Sorry, AVX512BW is required for this build
Sorry, AVX512F is required for this build
Will use /john/run/john-avx2
Will run 8 OpenMP threads
Benchmarking: sha512crypt, crypt(3) $6$ (rounds=5000) [SHA512 256/256 AVX2 4x]... (8xOMP) DONE
Speed for cost 1 (iteration count) of 5000
Raw:    3319 c/s real, 687 c/s virtual

Locally:

$ docker run --rm ghcr.io/openwall/john:latest best --test=10 --format=SHA512crypt
best --test=10 --format=SHA512crypt
Sorry, AVX512BW is required for this build
Sorry, AVX512F is required for this build
Will use /john/run/john-avx2
Will run 8 OpenMP threads
Benchmarking: sha512crypt, crypt(3) $6$ (rounds=5000) [SHA512 256/256 AVX2 4x]... (8xOMP) DONE
Speed for cost 1 (iteration count) of 5000
Raw:	2129 c/s real, 286 c/s virtual

$ docker run --rm ghcr.io/openwall/john:v1.9.0J2 best --test=10 --format=SHA512crypt
best --test=10 --format=SHA512crypt
Sorry, AVX512BW is required for this build
Sorry, AVX512F is required for this build
Will use /john/run/john-avx2
Will run 8 OpenMP threads
Benchmarking: sha512crypt, crypt(3) $6$ (rounds=5000) [SHA512 256/256 AVX2 4x]... (8xOMP) DONE
Speed for cost 1 (iteration count) of 5000
Raw:	2100 c/s real, 284 c/s virtual

CircleCI now (this is AWS):

Will run 2 OpenMP threads
Benchmarking: sha512crypt, crypt(3) $6$ (rounds=5000) [SHA512 512/512 AVX512BW 8x]... (2xOMP) DONE
Speed for cost 1 (iteration count) of 5000
Raw:	5263 c/s real, 2693 c/s virtual

Benchmarking: sha512crypt, crypt(3) $6$ (rounds=5000) [SHA512 512/512 AVX512BW 8x]... DONE
Speed for cost 1 (iteration count) of 5000
Raw:	2793 c/s real, 2793 c/s virtual

A week ago:

Will run 2 OpenMP threads
Benchmarking: sha512crypt, crypt(3) $6$ (rounds=5000) [SHA512 512/512 AVX512BW 8x]... (2xOMP) DONE
Speed for cost 1 (iteration count) of 5000
Raw:	6718 c/s real, 3362 c/s virtual

Benchmarking: sha512crypt, crypt(3) $6$ (rounds=5000) [SHA512 512/512 AVX512BW 8x]... DONE
Speed for cost 1 (iteration count) of 5000
Raw:	3486 c/s real, 3486 c/s virtual

• Is it AVX512 related? No, it seems.
• The new image uses make strip. Is it important?
• Is the cloud particularly busy today?

Checklist

🥇 👍

I ran a couple of polls on Feb 7, 2024, and 7z appears to be a really unpopular choice of a download file format.

https://twitter.com/solardiz/status/1755221747626885298

When given a choice, I usually prefer to download a
zip - 33.1%
7z - 10%
tar.gz - 38.5%
tar.xz - 18.5%
130 votes

https://twitter.com/solardiz/status/1755223774004158819

When not giving a choice, downloads should be available only as
zip - 43.7%
7z - 7.6%
tar.gz - 39.5%
tar.xz - 9.2%
119 votes

We can still use the program 7z to produce zip or tar.gz archives with slightly better compression than the usual zip or gzip programs would. IIRC, I did just that for our 1.9.0-jumbo-1 release archives.

1. Is your feature request related to a problem? Please describe.

Audit this repository as seen at https://bestpractices.coreinfrastructure.org/projects/7525

2. Describe the solution you'd like

Add the checklist for the repository practices.

3. Additional context

OpenSSF Best Practices

@solardiz , when you have some free time could you please accept the access request you (probably) received some days ago?

• from Github and me to autorize codefactor to access the repos.

This will authorize codefactor (https://www.codefactor.io/repository/github/openwall/john-packages) to run and scan all commits.

Just to clarify, does this repository use GitHub actions to build the Docker images? readme.md#docker-image has a note "Delivered using GitHub Actions", but the flow chart says that it's using Circle CI.

At least, I'll feel like I'm living in the 80s.

SunOS Release 5.11 Version 11.4.0.15.0 64-bit

Copyright (c) 1983, 2018, Oracle and/or its affiliates. All rights reserved.
Hostname: solaris

[...]
The physical processor has 3 virtual processors (0-2)
  x86 (GenuineIntel 306A9 family 6 model 58 step 9 clock 3478 MHz)
	Intel(r) Xeon(r) CPU E5-1650 v2 @ 3.50GHz
                             Oracle Solaris 11.4 X86
  Copyright (c) 1983, 2018, Oracle and/or its affiliates.  All rights reserved.
                            Assembled 16 August 2018
[...]
  $ uname -m; id; uname -a
  i86pc
  uid=0(root) gid=0(root)
  SunOS solaris 5.11 11.4.0.15.0 i86pc i386 i86pc

--------------------------------
            Building
--------------------------------
checking build system type... i386-pc-solaris2.11
checking host system type... i386-pc-solaris2.11
checking whether to compile using MPI... no

Also [1]:

checking build system type... x86_64-pc-solaris2.11
checking host system type... x86_64-pc-solaris2.11
[...]
  Configured for building John the Ripper jumbo:
  Target CPU ......................................... x86_64 AVX, 64-bit LE
  AES-NI support ..................................... depends on OpenSSL
  Target OS .......................................... solaris2.11
  Cross compiling .................................... no
  Legacy arch header ................................. x86-64.h
  Optional libraries/features found:
  Memory map (share/page large files) ................ yes
  Fork support ....................................... yes
  OpenMP support ..................................... yes (not for fast formats)
  OpenCL support ..................................... no
  Generic crypt(3) format ............................ yes
  OpenSSL (many additional formats) .................. yes
  libgmp (PRINCE mode and faster SRP formats) ........ yes
  128-bit integer (faster PRINCE mode) ............... yes
  libz (7z, pkzip and some other formats) ............ yes
  libbz2 (7z and gpg2john bz2 support) ............... yes
  libpcap (vncpcap2john and SIPdump) ................. yes
  Non-free unrar code (complete RAR support) ......... yes
  librexgen (regex mode, see doc/README.librexgen) ... no
  OpenMPI support (default disabled) ................. no
  Experimental code (default disabled) ............... no
  ZTEX USB-FPGA module 1.15y support ................. no
  Install missing libraries to get any needed features that were omitted.
  Configure finished.  Now "gmake -s clean && gmake -sj4" to compile.

[1] I'm struggling with the package system. Let's trust the second run.

1. Is your feature request related to a problem? Please describe.

The build time is already a problem for me on some occasions.

2. Describe the solution you'd like

Even "average" AWS instances struggle to build all 10 binaries. So removing the SSE2 binaries will improve things.

1. Is your feature request related to a problem? Please describe.

We should let people know about us.

2. Describe the solution you'd like

Post the message below to john-users

Subject: John the Ripper binary packages

This is in fact nothing new for the list, but we would like to announce the existence of John the Ripper compiled packages:

• git repostitory at https://github.com/openwall/john-packages

• there are a stable release (Jumbo 1), a rolling release [1], and a development release;
• you can find packages:
  • in PortableApp style: for Windows and Mac;
  • in sandoboxed [2] style: for Linux;
    • a Canonical snap (the recommended), a flatpak and a Docker image (the recommended method for use in the cloud ☁);

What these packages offer:

• the deployment process and scripts used are public and are evaluated by Static Code Analyzers;
• the VM images used for the build are produced by leaders players, for example, the disk image used in the Windows
  package build is created by the Microsoft team, the Mac X86 by the Circle Internet Services, Inc; well known and very active in Asia;
• automatic virus scanned by VirusTotal;

Hardening:

• it's known [3] that john isn't to be used on untrusted inputs, but how about use hardening with john?
  • or Linux packages execute in a sandbox which limits the system privileges so that if a malicious
    content manages exploits a vulnerability to execute arbitrary code it will be unable to compromise the underlying OS.
  • in addition, some packages use binary hardening techniques [4];

The packages and usage guidelines are available for use by the community at https://github.com/openwall/john-packages.

We appreciate your input and feedback. Greetings everyone.

• [1] Rolling release, also known as rolling update or continuous delivery, is a concept in software development of
  frequently delivering updates to applications. This is in contrast to a standard or point release.
• [2] In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort
  to mitigate system failures and/or software vulnerabilities from spreading.
• [3] https://github.com/openwall/john-packages/security/policy
• [4] https://en.wikipedia.org/wiki/Hardening_(computing)

1. Is your feature request related to a problem? Please describe.

Better advertise the most recent (latest) available releases.

2. Describe the solution you'd like

Ignore the borders. They depend on the viewer (the proposal has not yet been committed, I'm viewing it locally)

From:

To:

Mouse cursor is over the "release date"

Mouse cursor is over the "pre-release version"

Due to pull rate limit imposed by Docker Hub, I'm looking for better places to host Docker images. I'm planing to move JtR Docker images from Docker Hub to GitHub Repository. It seems one configuration is missing.

denied: failed_precondition: Improved container support has not been enabled for 'openwall'. Learn more: https://docs.github.com/packages/getting-started-with-github-container-registry/enabling-improved-container-support

@solardiz, could you please enable it? There is no cost involved; the images will be public and docs says there are no fees for public images.

Currently the Docker images do not contain Python, precluding the use of the xxx2john.py scripts. It would be nice to have a version of the images which have Python included. (Perhaps a separate tag should be used, so people don't have to use the extra space if they don't want Python?)

At least snap and Windows.

Libraries put into these packages are out of date and detection tools are complaining about known security issues.

I should do something to fix this. Rebuild and redeploy these packages seems reasonable.

At least, I will be notified when something bad happens on Darwin OS.

Target CPU ......................................... x86_64 SSE4.1, 64-bit LE
AES-NI support ..................................... depends on OpenSSL
Target OS .......................................... darwin21.6.0
Cross compiling .................................... no
Legacy arch header ................................. x86-64.h

Optional libraries/features found:
Memory map (share/page large files) ................ yes
Fork support ....................................... yes
OpenMP support ..................................... no
OpenCL support ..................................... yes
Generic crypt(3) format ............................ yes
OpenSSL (many additional formats) .................. yes
libgmp (PRINCE mode and faster SRP formats) ........ yes
128-bit integer (faster PRINCE mode) ............... yes
libz (7z, pkzip and some other formats) ............ yes
libbz2 (7z and gpg2john bz2 support) ............... yes
libpcap (vncpcap2john and SIPdump) ................. yes
Non-free unrar code (complete RAR support) ......... yes
librexgen (regex mode, see doc/README.librexgen) ... no
OpenMPI support (default disabled) ................. no
Experimental code (default disabled) ............... no
ZTEX USB-FPGA module 1.15y support ................. no

Install missing libraries to get any needed features that were omitted.

Configure finished.  Now "make -s clean && make -sj4" to compile.
ar: creating archive poly1305-donna.a
ar: creating archive aes.a
ar: creating archive secp256k1.a
ar: creating archive ed25519-donna.a

Make process completed.

Version: 1.9.0-jumbo-1+bleeding-99ebf64df 2023-04-14 13:53:49 -0300
Build: darwin21.6.0 64-bit x86_64 SSE4.1 AC OPENCL
SIMD: AVX, interleaving: MD4:4 MD5:5 SHA1:2 SHA256:1 SHA512:1
CPU tests: AVX
$JOHN is ../run/
Format interface version: 14
Max. number of reported tunable costs: 4
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
SALT_HASH_SIZE: 1048576
SINGLE_IDX_MAX: 2147483648
SINGLE_BUF_MAX: 4294967295
Effective limit: Number of salts vs. SingleMaxBufferSize
Max. Markov mode level: 400
Max. Markov mode password length: 30
clang version: 14.0.0 (clang-1400.0.29.202) (gcc 4.2.1 compatibility)
OpenCL headers version: 1.2
Crypto library: OpenSSL
OpenSSL library version: 030100000
OpenSSL 3.1.0 14 Mar 2023
GMP library version: 6.2.1
File locking: fcntl()
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's
times(2) sysconf(_SC_CLK_TCK) is 100
Using times(2) for timers, resolution 10 ms
HR timer: mach_absolute_time(), latency 119 ns
Total physical host memory: 8 GiB
Available physical host memory: 6126 MiB
Terminal locale string: en_US.UTF-8
Parsed terminal locale: UTF-8

Testing: descrypt, traditional crypt(3) [DES 128/128 AVX]... /�-�\�|�/�-�PASS
[...]
Testing: crypt, generic crypt(3) [?/64]... |�/�-�\�|�/�PASS
All 403 formats passed self-tests!
 Ok: -test-full=0 --format=cpu

• Nothing makes it detect OMP;
  • ./configure --enable-werror $BUILD_OPTS LDFLAGS="-L/usr/local/opt/libomp/lib -lomp" CPPFLAGS="-I/usr/local/opt/libomp/include"

ls -lRh /usr/local/opt/libomp/lib  || true
total 3136
-r--r--r--  1 admin  admin   882K Apr  5 03:36 libomp.a
-r--r--r--  1 admin  admin   681K Apr 14 17:10 libomp.dylib

ls -lRh /usr/local/opt/libomp/include  || true
total 256
-rw-r--r--  1 admin  admin    50K Apr  5 03:36 omp-tools.h
-rw-r--r--  1 admin  admin    23K Apr  5 03:36 omp.h
-rw-r--r--  1 admin  admin    50K Apr  5 03:36 ompt.h

• Detection saying SSE4.1 is wrong;

The Launchpad builder(s) may be available soon.

There is apparently no documentation about how John can be configured in the Snap version. The John snap filesystem is intentionally write protected and therefore the /snap/johne-the-ripper/current/run/john.conf cannot be altered. Where in the userspace is John looking for an alternate john.conf? This question should be discussed in the Snap version docs.

Checklist

• 🥇 I've read and understood these instructions;
• 👍 I've tested using latest bleeding package version from this repository.
• 😕 I'm confused and I need guidance.

Problem description

JtR fails to execute cracking in Docker/container image due permission problems:

$ docker run --rm --volume "${PWD}:/data" ghcr.io/openwall/john:rolling_J31 best --wordlist=/data/wordlist.txt /data/shadow.bak

best --wordlist=/data/wordlist.txt /data/shadow.bak
Will use /john/run/john-avx512bw
Warning: detected hash type "md5crypt", but the string is also recognized as "md5crypt-long"
Use the "--format=md5crypt-long" option to force loading these as that type instead
Warning: only loading hashes of type "md5crypt", but also saw type "sha256crypt"
Use the "--format=sha256crypt" option to force loading hashes of that type instead
Warning: only loading hashes of type "md5crypt", but also saw type "sha512crypt"
Use the "--format=sha512crypt" option to force loading hashes of that type instead
Using default input encoding: UTF-8
open: /john/run/john.log: Permission denied

JOHN_HOME seems to be "/john/run". The default container user "JtR" (UID 1000) does not have write permission to this directory, causing execution to fail.

Build info

$ docker run --rm ghcr.io/openwall/john:rolling_J31 best --list=build-info

best --list=build-info
Will use /john/run/john-avx512bw
Version: 1.9.0-jumbo-1+bleeding-15b3b7c 2023-04-03 12:44:54 -0300
Build: linux-gnu 64-bit x86_64 AVX512BW AC OMP
SIMD: AVX512BW, interleaving: MD4:3 MD5:3 SHA1:1 SHA256:1 SHA512:1
CPU tests: AVX512BW
$JOHN is /john/run/
Format interface version: 14
Max. number of reported tunable costs: 4
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
SALT_HASH_SIZE: 1048576
SINGLE_IDX_MAX: 32768
SINGLE_BUF_MAX: 4294967295
Effective limit: Max. KPC 32768
Max. Markov mode level: 400
Max. Markov mode password length: 30
gcc version: 11.3.0
GNU libc version: 2.35 (loaded: 2.35)
Crypto library: OpenSSL
OpenSSL library version: 030000020
OpenSSL 3.0.2 15 Mar 2022
GMP library version: 6.2.1
File locking: fcntl()
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's
times(2) sysconf(_SC_CLK_TCK) is 100
Using times(2) for timers, resolution 10 ms
HR timer: clock_gettime(), latency 33 ns
Total physical host memory: 3827 MiB
Available physical host memory: 2583 MiB
Terminal locale string: C
Parsed terminal locale: UNDEF

$ docker image inspect ghcr.io/openwall/john:rolling_J31 | grep -F Id | tr -d ' '
"Id":"sha256:23d9759026815b746fcd2295314ec609920c99223ee73bc78ab92aede6249b1a",

1. We cannot trust Ubuntu 16 for ever;
2. New version runs on Ubuntu 22.04;
3. It is updated (see the driver version);
4. FPGA emulation looks nice;
5. Still slow, but faster than the current (Ubuntu 16) version.

Platform #0 name: Intel(R) OpenCL, version: OpenCL 3.0 LINUX
    Device #0 (1) name:     Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
    Device vendor:          Intel(R) Corporation
    Device type:            CPU (LE)
    Device version:         OpenCL 3.0 (Build 0)
    OpenCL version support: OpenCL C 3.0 
    Driver version:         2023.16.10.0.17_160000 
    Native vector widths:   char 64, short 32, int 16, long 8
    Preferred vector width: char 1, short 1, int 1, long 1
    Global Memory:          6921 MiB
    Global Memory Cache:    256 KiB
    Local Memory:           32 KiB (Global)
    Constant Buffer size:   128 KiB
    Max memory alloc. size: 3460 MiB
    Max clock (MHz):        2600
    Profiling timer res.:   1 ns
    Max Work Group Size:    8192
    Parallel compute cores: 2
    Speed index:            41600

Platform #1 name: Intel(R) FPGA Emulation Platform for OpenCL(TM), version: OpenCL 1.2 Intel(R) FPGA SDK for OpenCL(TM), Version 20.3
    Device #0 (2) name:     Intel(R) FPGA Emulation Device
    Device vendor:          Intel(R) Corporation
    Device type:            Accelerator (LE)
    Device version:         OpenCL 1.2 
    OpenCL version support: OpenCL C 1.2 
    Driver version:         2023.16.10.0.17_160000 
    Native vector widths:   char 64, short 32, int 16, long 8
    Preferred vector width: char 1, short 1, int 1, long 1
    Global Memory:          6921 MiB
    Global Memory Cache:    256 KiB
    Local Memory:           256 KiB (Global)
    Constant Buffer size:   128 KiB
    Max memory alloc. size: 3460 MiB
    Max clock (MHz):        2600
    Profiling timer res.:   1 ns
    Max Work Group Size:    67108864
    Parallel compute cores: 2
    Stream processors:      16  (2 x 8)
    Speed index:            41600

Legacy platform is:

Platform #0 name: Intel(R) CPU Runtime for OpenCL(TM) Applications, version: OpenCL 2.1 LINUX
    Device #0 (1) name:     Intel(R) Xeon(R) CPU E5-2673 v4 @ 2.30GHz
    Device vendor:          Intel(R) Corporation
    Device type:            CPU (LE)
    Device version:         OpenCL 2.1 (Build 0)
    OpenCL version support: OpenCL C 2.0 
    Driver version:         18.1.0.0920 
    Native vector widths:   char 32, short 16, int 8, long 4
    Preferred vector width: char 1, short 1, int 1, long 1
    Global Memory:          6921 MiB
    Global Memory Cache:    256 KiB
    Local Memory:           32 KiB (Global)
    Constant Buffer size:   128 KiB
    Max memory alloc. size: 1730 MiB
    Max clock (MHz):        2300
    Profiling timer res.:   1 ns
    Max Work Group Size:    8192
    Parallel compute cores: 2
    Speed index:            18400

Not sure if it is something new (or the result of an administrator's action). To fix it:

1. Go to https://github.com/openwall/john-packages/pkgs/container/john
2. Access Package settings
3. Then, edit Manage Actions access and add the john-packages repository with write access.

Hi Andre

I could find only the non-omp verson of john-avx2.exe. Do you happen to have the compiled version for windows using omp and avx2 ?

best regards

There are some nice fixes upstream and magnum now is improving NT.

There's not much I need to do, it would still be useful to get access to 'super' server again so I can use my GPU-dependent testing tools.

• 🥇
• 👍

1. Is your feature request related to a problem? Please describe

Some tools are detecting the project as pip related, which doesn't make sense (actually, who cares).

2. Describe the solution you'd like

Anyway, just rename the file.

Using Terraform and Ansible, automate the creation of a password cracking cluster using the cloud (I’ll start with AWS). Using this tool, the user will be able to:

• Automate:
  • create count instances in the cloud using Terraform;
  • install JtR on the instance using Ansible (or use Openwall's ami);
  • from the user's local machine he or she will be able to run, control and stop cracking tasks using Ansible

The user will be able to select the type of instance (any instance types including free tier ones).

The user will run locally (well, the master/controller node can run anywhere, including in the cloud):

• terraform init/apply (inventory file is created);
• ansible-playbook -i inventory create-jtr.yml (build JtR if AMI does not have it);
• SSH or ansible command (to run cracking sessions)

See #9

To do:

• allow SPOT instances and think how we should handle it.

unshadow passwd shadow > full
john full --wordlist=/usr/share/wordlists/rockyou.txt

It just throw the error "No password hashes loaded"

Is your feature request related to a problem? Please describe.

In order to increase the security of our packages, add an automatic virus scan process to the repository. When a release happens, scan it.

Describe the solution you'd like

A Github action will do this for us when we create a new release.

Additional context

Maybe some noise will be seen while I work on this.

1. Is your feature request related to a problem? Please describe.

Basically to be ready to use on any GPU in the cloud.

• The build process is simple and will take advantage of all the infrastructure used to build the CPU version.
• I don't have continuous access to any NVIDIA GPUs. Therefore, the image cannot be tested properly by CI.
• Have I told you that I cannot test it properly? No CPU test restrictions.

2. Describe the solution you'd like

The image will be based on nvidia/cuda:12.2.0-base-ubuntu22.04 instead of ubuntu:22.04.

3. Additional context

No AMD or Intel.

1. Describe the bug

It seems like a bad idea to keep the 'tag Docker image' action active in main. It requires a permissive policy enabled by default and is not important for the repository's daily activities.

In the future, if we need to tag an image, we can do so using the code below (in a temporary branch).

2. How the final version turned out

For the record:

name: Tag Docker Image

on:
  workflow_dispatch:
    inputs:
      target:
        description: "ID of the image to be tagged"
        required: true
        default: "rolling-2310"
      tag:
        description: "The tag that will be applied"
        required: true
        default: "latest"

jobs:
  add-tag:
    permissions: write-all
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
        with:
          egress-policy: audit

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Run script file
        run: |
          docker pull "ghcr.io/openwall/john:${{ github.event.inputs.target }}"
          docker tag "ghcr.io/openwall/john:${{ github.event.inputs.target }}" "ghcr.io/openwall/john:${{ github.event.inputs.tag }}"
          docker images
          docker push "ghcr.io/openwall/john:${{ github.event.inputs.tag }}"
        shell: bash

[Edited]

1. Describe the bug

We have a few tasks (the first one, at least) that need to be performed by someone else.

Tasks:

• open this list of PRs and approve open pull requests [1][2];
• create a PR to add one example of using the Docker image on some "different" cloud GPU provider;
• add Sonar code review (this requires @solardiz to approve the extension)
  • BTW: it only have access to the john-packages repository - they use the appropriate GitHub "get access to repository" interface.

[1] add a comment saying lgtm to closed PRs (as a late formal review).
[2] an easy review task (documentation only) is to approve open PR #278.

[edited]

See https://forum.snapcraft.io/t/patchelf-broke-my-binary/4928

Testing the no-patchelf workaround.

Affects => channel: edge
        => build/revision 380

A snap revert to the previous installed version is a fix.

Funny facts

• if I run the binary unconfined (e.g., /snap/john-the-ripper/current/run/john) it works.
• even a trial snap run like snap run --shell john-the-ripper crashes (SIGSEV).

1. Is your feature request related to a problem? Please describe

Bitrise validation conflicts with our linters. We must document how.

2. Describe the solution you'd like

I will add a patch file that shows where the differences are. It's just formatting.

diff --git a/deploy/Android-Delivery.yml b/deploy/Android-Delivery.yml
index 0427ab8..8021ea9 100644
--- a/deploy/Android-Delivery.yml
+++ b/deploy/Android-Delivery.yml
@@ -50,10 +50,10 @@ workflows:
 
   _deploy:
     steps:
-      - activate-ssh-key@4:
+    - activate-ssh-key@4:
         run_if: '{{getenv "SSH_RSA_PRIVATE_KEY" | ne ""}}'
-      - git-clone@8: {}
-      - [email protected]:
+    - git-clone@8: {}
+    - [email protected]:
         title: Checkout code
         inputs:
           - content: |-
@@ -63,7 +63,7 @@ workflows:
               rm -rf tmp
               git clone --depth 10 https://github.com/openwall/john.git tmp
               cp -r tmp/. .
-      - [email protected]:
+    - [email protected]:
         title: Building JtR
         inputs:
           - content: |-
@@ -85,7 +85,7 @@ workflows:
               mv README.md "${BITRISE_DEPLOY_DIR}/${default_apk_name}/"
               mv run "${BITRISE_DEPLOY_DIR}/${default_apk_name}/run"
               mv doc "${BITRISE_DEPLOY_DIR}/${default_apk_name}/doc"
-      - deploy-to-bitrise-io:
+    - deploy-to-bitrise-io:
         run_if: ".IsCI"
         inputs:
           - is_compress: "true"

IMO, this closed issue is enough to document. Closing.

A large majority of john run commands no longer work due to lzma merging with xz such commands are 7z2john

I dont think I need to list steps to reproduce, just that a large amount of commands are not functional as you can no longer install the old packages