Last Friday, the John the Ripper development team released a new version of JtR 1.7.9-jumbo-6. I think John the Ripper is one of the oldest password-cracking utilities on the market – at least, it’s one of the first that I’ve ever used. I tend to use either John the Ripper or one of the various versions of Hashcat, depending on what hardware I have at my disposal (and, of course, the type of data that needs to be decrypted).
So one of the great new features in JtR is that it now includes CUDA and OpenCL support, so all you folks with your fancy overclocked, water-cooled, thousand+ core GPUs can celebrate. And I’m not just talking about celebrating by dropping $500 on a new graphics card, but by using that card to actually crack bcrypt hashes! The wikipedia article will get you started on why cracking bcrypt is difficult to implement on GPU devices, and as far as I can tell this is the first time it’s been done in OpenCL/CUDA (though there could be tools out there I haven’t used or settings I’ve never previously tested).
But all of that is just scratching the surface – this release also includes lots of new features, including support for non-hashes (OSX keychains, KeePass, and Password Safe for example), hashes (SHA-crypt and more), and challenge/responses. I’m honestly a little surprised that this is just an incremental update, but perhaps there are more bugs to squash before the development team issues a major release. Very impressive work as another hash-cracking tool gets even better!