GSoC/GCI Archive
Google Summer of Code 2015

Openwall

License: New and Simplified BSD licenses

Web Page: http://openwall.info/wiki/ideas

Mailing List: http://www.openwall.com/lists/john-dev/

Openwall's primary focus is in development of information security related free software, information security research, publications, and community activities aimed at making existing free software safer to use.

One of our software projects is Openwall GNU/*/Linux (or simply Owl), a security-hardened Linux distro for servers.

Another project is John the Ripper, a popular Open Source and cross-platform password cracker (password security auditing tool). Its homepage has exceeded 20 million hits. Several JtR tasks are being considered for GSoC.

On top of this, specifically in GSoC 2015 we act as umbrella organization for radare reverse-engineering framework. Here are their ideas.

We also have many smaller and/or new project ideas, and we welcome your own creative and relevant ideas.

Please check out our ideas page for the rationale behind these projects and (a bit) more detail, then approach us with questions if interested.

Projects

  • Enhancing Johnny Johnny's aim is to automate and simplify the password cracking routine with the help of the tremendously versatile and robust John the Ripper, as well as add extra functionality on top of it, specific to Desktop and GUI paradigms, like improved hash and password workflow, multiple attacks and session management, easily define complex attack rules, visual feedback and statistics, all of it on top of the immense capabilities and features offered by both JtR core/proper as well as jumbo.
  • ESIL to Static Single Assignment form ESIL (Radare's Intermediate Language) is currently not in SSA form, which means that variables get assigned more than once. A goal for the radare2 project is to include a retargetable decompiler, and having SSA form output of ESIL is a first step towards this.
  • John the Ripper jumbo robustness improvements This project aims at improving the robustness of John the Ripper jumbo, especially faced with invalid input. There are mainly two approaches, one through fuzzing, and the other through source code review. By fuzzing, American Fuzzy Lop(AFL) can be customized and integrated with John the Ripper jumbo. By source code review, manual reviews and automated static analysis such as valgrind, cppcheck and ClangStatic Analyzer can be used.
  • John the Ripper SIMD support enhancements In this project, we intend to improve John the Ripper's SIMD support. We want to enhance the use of AVX2 intrinsics, and add support for AVX-512 instructions. As AVX-512 is not available yet, we'll use MIC as our experiment target. We'll also add SIMD support for non-x86 architectures, which should be straightforward since the pattern is similar. Another goal is to improve the SIMD implementation of the SHA family hashes. We may try bitslice and other low-level optimizing techniques.
  • John the Ripper support for PHC finalists John the Ripper support for PHC finalists
  • Radare2: ESIL to Static Single Assignment form As a step towards a retargetable decompiler r2's ESIL should get converted to SSA representation. Beyond the naive translation it should also identify local variables and represent them within the SSA graph (where stack deltas are known). Constant folding should further remove noise from the output.
  • yescrypt implementations Yescrypt is a password hashing algorithm, and finalist in the PHC password hashing competition. The task is to implement yescrypt in programming languages other than C, so that applications written those languages can take advantage of yescrypt without being stuck with whichever algorithm they currently have.