Forgot your password?
typodupeerror

Submission Summary: 0 pending, 0 declined, 3 accepted (3 total, 100.00% accepted)

AMD

+ - John the Ripper Cracks Slow Hashes On GPU-> 1

Submitted by
solardiz
solardiz writes "New community-enhanced version of John the Ripper adds support for GPUs via CUDA and OpenCL, currently focusing on slow to compute hashes and ciphers such as Fedora's and Ubuntu's sha512crypt, OpenBSD's bcrypt, encrypted RAR archives, WiFi WPA-PSK. A 5 times speedup over AMD FX-8120 CPU per-chip is achieved for sha512crypt on NVIDIA GTX 570, whereas bcrypt barely reaches the CPU's speed on AMD Radeon HD 7970 (a high-end GPU). This result reaffirms that bcrypt is a better current choice than sha512crypt (let alone sha256crypt) for operating systems, applications, and websites to move to, unless they already use one of these "slow" hashes and until a newer/future password hashing method such as one based on the sequential memory-hard functions concept is ready to move to.

The same John the Ripper release also happens to add support for cracking of many additional and diverse hash types ranging from IBM RACF's as used on mainframes to Russian GOST and to Drupal 7's as used on popular websites — just to give a few examples — as well as support for Mac OS X keychains, KeePass and Password Safe databases, Office 2007/2010 and ODF documents, Firefox/Thunderbird/SeaMonkey master passwords, more RAR archive kinds, WPA-PSK, VNC and SIP authentication, and it makes greater use of AMD Bulldozer's XOP extensions."

Link to Original Source
Security

+ - 17% Smaller DES S-box Circuits Found-> 2

Submitted by
solardiz
solardiz writes "DES is still in use, brute-force key search remains the most effective attack on it, and it is an attractive building block for certain applications (the key size may be increased e.g. with 3DES). Openwall researchers, with funding from Rapid7, came up with 17% shorter Boolean expressions representing the DES S-boxes. Openwall's John the Ripper 1.7.8 tests over 20 million of combinations against DES-based crypt(3) per second on Core i7-2600K 3.4 GHz, which roughly corresponds to DES encryption speed of 33 Gbps."
Link to Original Source
Security

+ - Openwall Linux 3.0: no SUIDs, anti log spoofing-> 2

Submitted by solardiz
solardiz (817136) writes "Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source."
Link to Original Source

Remember, UNIX spelled backwards is XINU. -- Mt.

Working...