Openwall released an updated version of John the Ripper, a password security auditing tool and open source project, providing the community with improvements in the performance of cracking password hashes based on the DES algorithm on CPUs.
In an effort led by Roman Rusakov and Alexander Peslyak, the Openwall team’s breakthrough for more optimal DES S-box expressions provides a 17 percent improvement over the previous best results.
The S-box expressions generated under this effort are being made publicly available, are not copyrighted and are free for reuse by anyone.
Since 1998, numerous attempts have been made to arrive at more optimal DES S-box expressions. During the past year, Openwall researchers developed an idea to approach the optimization problem differently and, as a result, were able to design and successfully implement a new algorithm that significantly improves upon the corresponding prior results.
This new approach is easily adaptable to arbitrary sets of “logic gates.” The team has generated different S-box expressions targeting both typical CPUs with only basic instructions and CPUs/GPUs that have “bit select” instructions. The mentioned improvement over the corresponding previous best results is achieved in both cases.
Besides generating simpler S-box expressions in terms of gate count, efficiency of the corresponding program code was considered and thousands of different same-gate-count expressions were created to generate the best possible code for specific CPU and GPU architectures.
Further, the Openwall researchers implemented and ran special-purpose CPU register allocation and code generation algorithms with intertwined S-box expression and code generation stages, allowing for a further performance boost of the resulting program code.
“The researchers at Openwall deserve significant recognition for discovering and providing a new approach to addressing performance-critical S-box expressions. By providing this new approach free-of-charge through John the Ripper, Openwall is making another major impact on the open source and security communities,” said HD Moore, Rapid7 CSO and Metasploit chief architect.