Hi,
A couple of days ago, I've released a new revision of the kernel patch,
updated to Linux 2.4.37.5:
http://www.openwall.com/linux/
(and I similarly released updates to all other minor revisions of Linux
2.4.37.x before, some of which I neglected to announce in here). The
important
Hi,
There are fresh ISO images of Owl-current (for x86 and x86-64) available
on our FTP mirrors:
http://www.openwall.com/Owl/DOWNLOAD.shtml
Additionally, as an experiment, now there are direct download links to
these ISOs off of Owl homepage:
http://www.openwall.com/Owl/
(these point to some
Hi,
This is to announce three items at once (yes, I will be trying to make
postings to this list less frequent):
1. Fresh ISO images of Owl-current for x86 and x86-64 (generated on
October 25) are available on our FTP mirrors. There are also direct
download links on the Owl homepage:
Hi,
This is to announce several things at once:
1. Linux 2.4.37.7-ow1 is out:
http://www.openwall.com/linux/
This is merely an update of the patch to the new 2.4.37.7 kernel
release, which fixes a number of security-related bugs:
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.7
Hi,
John the Ripper 1.7.4 is out, along with its corresponding jumbo patch
update. This is a development version focusing on many improvements to
the word mangling rules engine.
http://www.openwall.com/john/
http://www.openwall.com/john/#contrib
The changes since 1.7.3.4 are as follows:
*
Hi,
John the Ripper version 1.7.4.2 is out, along with its corresponding
jumbo patch update. This is another development version, and this time
the focus was on performance improvements with very large password files
or sets of files.
http://www.openwall.com/john/
Hi,
This is to announce two updates at once:
1. John the Ripper version 1.7.5 is out, along with its corresponding
jumbo patch update. This is yet another development version. There was
no specific focus for this update, so a variety of minor enhancements
were implemented (mostly in response
Hi,
This is to announce three items at once, mostly related to John the Ripper
password cracker.
1. We've set up the Openwall file archive - a locally-hosted web-based
archive with current and old revisions of Openwall software releases,
user contributions, and other related files. Previously,
Hi,
passwdqc, our proactive password/passphrase strength checking and policy
enforcement toolset, has been enhanced in many ways, bringing it up to
version 1.2.0:
http://www.openwall.com/passwdqc/
The pwqcheck program is now directly usable as the passwordcheck program
on OpenBSD - that is, to
Hi,
Today's ISO images and pre-created OpenVZ container templates of
Owl-current for x86 and x86-64 are currently propagating to our FTP
mirrors. The ISOs are also available via direct download links right
off the Owl homepage:
http://www.openwall.com/Owl/
Hi,
As usual, this is a cumulative announcement for several things at once.
These were previously tweeted about - http://twitter.com/openwall - and
posted on the news page - http://www.openwall.com/news
For this announcement, I'll group them into two categories:
1. It is now possible to get
Hi,
In case some of you are wondering why there's no glibc security update
for Owl when almost all major distros are releasing critical security
updates now, the answer is simple: Owl is not vulnerable to
CVE-2010-3847 and CVE-2010-3856 (both discovered by Tavis Ormandy).
This is for several
Hi,
I've just released new Owl-current ISOs, OpenVZ container templates, and
freshly rebuilt package sets for i686 and x86-64. This might be the
last Owl-current snapshot before we make our 3.0 release, so please test
extensively and report both successes and failures (in some detail). ;-)
The
Hi,
After the security compromise that affected several gnu.org services and
websites, GNU Savannah (free software development hosting) introduced
proper password hashing and password/passphrase strength checking using
Openwall's passwdqc (invoking the pwqcheck and pwqgen programs):
Hi,
We've made available another Owl-current snapshot, along with new ISOs
and OpenVZ container templates:
http://www.openwall.com/Owl/
Contrary to what was planned, we have not broken 3.0 compatibility yet.
The primary reason for us to make this unexpected set of ISOs and
vztemplates was that
Hi,
This is one of those cumulative announcements. I'll start with the most
important and most recent item:
1. After several development-only revisions of the jumbo patch, we've
finally released one intended for actual use. Yes, it's an upgrade from
1.7.7-jumbo-1 straight to -jumbo-5 for the
Hi,
crypt_blowfish is an implementation of a decent password hashing method
provided via the crypt(3) and a reentrant interface.
I've just released crypt_blowfish 1.2:
http://www.openwall.com/crypt/
To provide for better upgrade strategies from pre-1.1 versions of
crypt_blowfish with the sign
Hi,
Openwall GNU/*/Linux 3.0-stable has been updated to include almost all
changes made and tested in Owl-current in recent months, including new
package additions, and excluding only changes that would break binary
compatibility with the 3.0 release (specifically, Owl-current's OpenSSL
update
Hi,
This is to announce two things at once:
1. As many of you are aware, there hasn't been a new official build of
John the Ripper for Windows for years. (The latest official build was
of version 1.7.0.1, and there were many user-contributed builds.)
Well, this has changed. I've just released
Hi,
As many of you are aware, Openwall participated in Google Summer of Code
(GSoC) last year. We worked with 5 students under the GSoC program, we
got useful stuff done (with some of it being in mainline Linux kernels
and in released versions of John the Ripper now), and we met new people
some
Hi,
A new snapshot of Owl-current is available, including ISO images, OpenVZ
container templates, binary packages for i686 and x86_64, and indeed
full sources. The new ISOs are linked right from the Owl homepage:
http://www.openwall.com/Owl/
Significant changes since the previous set of ISOs
Hi,
This is mostly old news for those of you who follow @Openwall on
Twitter, but better late than never, so here goes:
I will speak at Positive Hack Days (abbreviated PHDays or PHD) held in
Moscow, Russia on May 30-31, 2012. I understand that it's too late to
arrange travel now, but if you
Hi,
PHDays 2012 was great!
The slides from my Password security: past, present, future talk are
now online:
http://www.openwall.com/presentations/PHDays2012-Password-Security/
You may also download them in PDF format.
I ended up not focusing on the future as much as I had intended to,
largely
Hi,
Simon Marechal (aka Bartavelle), a long-time contributor to John the Ripper
-jumbo, is going to speak at Passwords^12 in Oslo, Norway. This is a
single-track three-day event (December 3-5, 2012) focusing ONLY on
passwords & PIN codes in all forms, shapes and sizes. Other speakers
include
Hi,
As those who follow me (@solardiz) or @Openwall on Twitter already know,
I made a lightning talk at ZeroNights conference in Moscow on Nov 19-20:
http://2012.zeronights.org/fasttrack#peslyak
The topic was new developments in password hashing - in a sense, this
talk was continuation to my
Hi,
I've just released minor updates of scanlogd, popa3d, and msulogin.
Most of the corresponding changes have been in Owl for a long while, but
I did not get around to making the proper releases until today.
scanlogd 2.2.7 is available from the usual location:
http://www.openwall.com/scanlogd/
Hi,
Like last summer, I've generated and released new Owl 3.1-stable and
Owl-current ISO images and OpenVZ container templates. These are dated
August 24, and are already on some of the mirrors:
http://www.openwall.com/Owl/
The updates since last summer are minor, and are mostly limited to bug
Hi,
Linux kernel and BIND security updates are now available in Owl-current
and Owl 3.1-stable, documented as follows:
2016/10/23 Package: kernel
SECURITY FIX Severity: high, local, active
Added a mitigation for the "Dirty COW" Linux kernel privilege escalation
vulnerability
Hi,
I gave two talks at BSidesLjubljana earlier this month.
The first one of these, and one planned in advance, is "yescrypt:
large-scale password hashing". Here are the slides, as well as a link
to the conference website, which in turn links to the talk video:
Hi,
php_mt_seed is a PHP mt_rand() seed cracker. A couple of weeks ago, I
announced php_mt_seed 3.3, which expanded support for SIMD instruction
sets from the previous range of SSE4.1 to AVX2/MIC to also include SSE2
on the lower end and AVX-512 on the high end:
Hi,
We've just released blists 2.0:
http://www.openwall.com/blists/
blists is a web-based interface to mailing list archives that works off
indexed mbox files. There are two programs: bindex and bit. bindex
generates or updates the index file (yes, incremental updates are
supported). bit is
Hi,
As some of you are aware, our Openwall GNU/*/Linux (Owl) project has
been on hold for a long while now, with its future unclear:
http://www.openwall.com/lists/owl-users/2014/12/30/1
That said, we still happen to maintain it, fixing (only) the most
critical vulnerabilities. As part of such
Hi,
We'd like to announce Linux Kernel Runtime Guard (LKRG) version 0.3:
http://www.openwall.com/lkrg/
The following changes have been made between LKRG 0.2 and 0.3:
*) [ED] Fix false positive caused via potential race condition when child
process might be faster than mother returning from
Hi,
For historical reasons, multiple CPU mining focused cryptocurrencies use
yescrypt 0.5'ish as their proof-of-work (PoW) scheme. With this
announcement, we introduce a separate project for the PoW use case:
yespower. Thus, rather than misuse yescrypt 1.0+ for PoW, those and
other projects
Hi,
We'd like to announce Linux Kernel Runtime Guard (LKRG) version 0.5:
https://www.openwall.com/lkrg/
The following changes have been made between LKRG 0.4 and 0.5:
*) [CI] Add *_JUMP_LABEL support for kernel modules (a major change)
*) [CI] Add support for "cold" function versions generated
Hi,
I've just released John the Ripper 1.9.0, available from the usual place:
https://www.openwall.com/john/
These days, this original John the Ripper source tree serves primarily
as the core tree for John the Ripper -jumbo. A 1.9.0-jumbo-1 release
based off this 1.9.0 core is coming shortly.
types
each due to our use of multi-threaded soft CPU cores interfacing to
cryptographic cores) and full source project trees. [Hardware design and
host code by Denis Burykin, project coordination by Solar Designer, testing
also by Royce Williams, Aleksey Cherepanov, and teraflopgroup. 201
Hi,
We'd like to announce Linux Kernel Runtime Guard (LKRG) version 0.7:
https://www.openwall.com/lkrg/
The following changes have been made between LKRG 0.6 and 0.7:
*) Refactor LKRG code to support multiple CPU architectures
*) Add experimental support for ARM64
*) Add experimental support
Hi,
yescrypt is a password-based key derivation function (KDF) and password
hashing scheme. It builds upon scrypt, and our implementation is able
to compute native yescrypt hashes as well as classic scrypt.
This is to announce a major update of yescrypt released today as 1.1.0
and a previously
Hi,
We've just released passwdqc 1.4.0, a new version of our
password/passphrase strength checking and enforcement tool set:
https://www.openwall.com/passwdqc/
We've also released version 1.3.2 earlier in December, without
announcing that one separately, so this announcement is about both.
Hi,
For those new to Linux Kernel Runtime Guard (LKRG), it is a kernel
module that performs runtime integrity checking of the Linux kernel and
detection of security vulnerability exploits against the kernel,
developed primarily by Adam 'pi3' Zabrocki.
Adam recently gave a talk entitled "LKRG in
Hi,
We've recently set up an Openwall organization account on GitHub, and are
now consolidating our Git repositories in there:
https://github.com/openwall
Moved to there so far are Linux Kernel Runtime Guard (LKRG), as already
mentioned on lkrg-users (so not CC'ing to there now), and three
Hi,
This is an update to what I announced in August:
On Mon, Aug 10, 2020 at 11:45:29PM +0200, Solar Designer wrote:
> We've just launched Openwall Password Recovery and Password Security
> Auditing Bundle in AWS Marketplace:
>
> https://www.openwall.com/john/cloud/
>
>
Hi,
We've just launched Openwall Password Recovery and Password Security
Auditing Bundle in AWS Marketplace:
https://www.openwall.com/john/cloud/
We provide a pre-generated Amazon Machine Image (AMI), which lets you
start password recovery or a password security audit in minutes (if
you've used
Hi,
For those new to LKRG, it is a kernel module that performs runtime
integrity checking of the Linux kernel and detection of security
vulnerability exploits against the kernel. We've recently announced
LKRG 0.8 with its many changes and providing a lot of detail here:
Hi,
After almost a year since the previous release, Linux Kernel Runtime
Guard (LKRG) version 0.8 is finally available:
https://www.openwall.com/lkrg/
A lot has changed since LKRG 0.7 - in fact, so much that we're not
trying to document all of the changes this time (although they can be
seen
since tcb 1.1 follows:
2021-01-11 Solar Designer
* tcb.spec: 1.2.
* LICENSE: Update copyright years for Dmitry's recent contributions.
2020-07-16 Dmitry V. Levin
tcb_chkpwd: remove the last remaining piece of NIS+ support.
* progs/tcb_chkpwd.c
directly:
$ git shortlog -s v0.9.0..v0.9.1
4 Adam 'pi3' Zabrocki
2 Mikhail Morfikov
12 Solar Designer
2 Vitaly Chikunov
1 Vladimir D. Seleznev
As usual so far, the key changes in this release are Adam's. Mikhail
contributed the debian/ directory. (My commits, while
Hi,
This is to announce passwdqc 2.0.2, a new minor version of our
password/passphrase strength checking and enforcement tool set:
https://www.openwall.com/passwdqc/
This release is mostly due to work by Dmitry V. Levin.
Significant changes between 2.0.1 and 2.0.2:
Improved pam_passwdqc's
Hi,
This is to announce passwdqc 2.0.1, a new minor version of our
password/passphrase strength checking and enforcement tool set:
https://www.openwall.com/passwdqc/
This release is mostly due to work by Dmitry V. Levin.
Significant changes between 2.0.0 and 2.0.1:
Improved pam_passwdqc's
Hi,
Due to prodding by Mike Gabriel who recently updated the Debian package
of scanlogd to 2.2.7 and reported a couple of minor issues, there's now
a new minor release, scanlogd 2.2.8:
https://www.openwall.com/scanlogd/
scanlogd 2.2.7 produced deprecation warnings for _BSD_SOURCE when built
on
ll list of direct contributors to this release is:
$ git shortlog -sn v0.8.1..v0.9.0
67 Adam 'pi3' Zabrocki
15 Solar Designer
12 Mariusz Zaborski
7 Vladimir D. Seleznev
5 0xC0ncord
5 RageLtMan
5 Vitaly Chikunov
2 F0x1fy
1 William
1 disrupttheflow
I'd
Hi,
Here's an update:
On Tue, Aug 18, 2020 at 08:48:39PM +0200, Solar Designer wrote:
> We've recently set up an Openwall organization account on GitHub, and are
> now consolidating our Git repositories in there:
>
> https://github.com/openwall
>
> Moved to there so far are Li
Hi,
This is to announce passwdqc 2.0.0, a new version of our
password/passphrase strength checking and enforcement tool set:
https://www.openwall.com/passwdqc/
There's also a corresponding update of passwdqc for Windows:
https://www.openwall.com/passwdqc/windows/
The upstream repository for
Adam 'pi3' Zabrocki
11 Solar Designer
7 Vitaly Chikunov
3 Mariusz Zaborski
3 Patrick Schleizer
2 Mikhail Morfikov
2 Vladimir D. Seleznev
1 0xC0ncord
As usual so far, the key changes in this release are Adam's. Notable to
our project was Vitaly's ongoi
deletions(-)
They are by the following people:
$ git shortlog -sn v0.9.6..v0.9.7
7 Solar Designer
5 Vitaly Chikunov
2 Adam 'pi3' Zabrocki
2 Patrick Schleizer
2 Valentin Obst
1 RageLtMan
1 Vladimir D. Seleznev
1 fluidog
Alexander
shortlog -sn v0.9.2..v0.9.3
11 Vitaly Chikunov
8 Solar Designer
4 Mariusz Zaborski
3 Adam 'pi3' Zabrocki
2 RageLtMan
1 John Helmert III
1 Vladimir D. Seleznev
As usual so far, the key changes in this release are Adam's. Notable to
our project was Vitaly's
changed, 1744 insertions(+), 3034 deletions(-)
The changes this time are by the following people:
$ git shortlog -sn v0.9.3..v0.9.4
38 Solar Designer
4 Vitaly Chikunov
3 Adam 'pi3' Zabrocki
1 Kenton Groombridge
1 Krish-sysadmin
1 RageLtMan
1 lc85446
1
.4..v0.9.5
6 Solar Designer
1 Adam 'pi3' Zabrocki
1 Vitaly Chikunov
Alexander
9 Solar Designer
4 Adam 'pi3' Zabrocki
2 Vitaly Chikunov
2 Vladimir D. Seleznev
2 redp
1 mrl5
In related news, LKRG is now packaged in Guix and NixOS.
Alexander
Hi,
As many of you recall, in 2020 we launched Openwall Password Recovery
and Password Security Auditing Bundle in AWS Marketplace:
https://www.openwall.com/john/cloud/
We provide a pre-generated Amazon Machine Image (AMI), which lets you
start password recovery or a password security audit in
Hi,
Earlier this month, I gave the opening keynote talk at SSTIC in Rennes,
France, then its revision at BSidesLjubljana in Ljubljana, Slovenia.
The topic was 15+ years of oss-security. Incidentally, this was SSTIC's
20th anniversary and the event was closed by a related talk on 20+ years
of
Hi,
This is to announce passwdqc 2.0.3, a new minor version of our
password/passphrase strength checking and enforcement tool set:
https://www.openwall.com/passwdqc/
Significant changes between 2.0.2 and 2.0.3:
Added Cygwin support (by Chad Dougherty).
Added pkg-config file (by Egor Ignatov).
some lines of code were added:
$ git diff --shortstat v0.9.7..v0.9.8
50 files changed, 4314 insertions(+), 42 deletions(-)
The changes this time are by the following people:
$ git shortlog -sn v0.9.7..v0.9.8
38 Solar Designer
3 Adam 'pi3' Zabrocki
3 Vitaly Chikunov
Alexander
Hi,
I gave a talk entitled "Linux kernel remote logging: approaches,
challenges, implementation" on March 1st at BSidesZagreb in Zagreb,
Croatia. Here are the slides:
https://www.openwall.com/presentations/BSidesZagreb2024-Linux-remote-logging/
The talk was recorded, but I think the video