John the Ripper
John the Ripper is an open-source, offline password auditing tool from Openwall. The community “Jumbo” edition adds extensive hash/credential format support and optional GPU acceleration via OpenCL.
Overview
John the Ripper (JtR) is a general-purpose suite for offline password testing that attempts to recover plaintexts from hashed or otherwise derived credentials. It works by mapping target artifacts (operating-system password hashes, application credential stores, or credentials extracted from documents and archives) into internal formats and running candidate-generation strategies to verify guesses. The project emphasizes password auditing rather than web testing, yet it appears in broader security workflows that touch web authentication whenever the artifact can be reduced to a supported format (for example, assessing weak symmetric JWT secrets through HMAC-style verification). The community-maintained Jumbo edition substantially broadens format coverage (Unix crypt variants, NTLM, bcrypt, PBKDF2-based schemes, and numerous document, archive, and SSH-key formats) and exposes hardware acceleration via OpenCL where supported. Parallelism (OpenMP and forking) and device offloading scale performance within the limits set by each format's algorithmic cost.
What It Is
JtR is an offline password auditing and recovery toolkit maintained by Openwall, with a widely used Jumbo branch that extends capabilities and format coverage. It is applied across operating systems, applications, archives/documents, and other credential artifacts that can be converted to JtR’s format syntax. In web-adjacent contexts, practitioners sometimes evaluate weak symmetric JWT secrets by treating HS256 tokens as HMAC-SHA256 targets; JtR relies on its generic HMAC-SHA256 format for this purpose rather than a dedicated JWT format. Its role is to measure real-world resistance of stored secrets to offline attack, inform policy, and validate defensive choices such as KDF selection, secret length, and entropy requirements.
How It Works
JtR consumes inputs normalized into internal formats that define how to test a candidate: the format encapsulates hashing, KDF parameters, HMAC construction, salting, and comparison. The Jumbo edition provides hundreds of such formats, including OpenCL-enabled variants where device offload is worthwhile. Candidate generation proceeds via multiple attack modes: single-crack (leveraging user and context data such as login names), wordlist attacks augmented with mangling rules, incremental and mask-based brute force for structured keyspaces, and hybrids of these. Execution scales through CPU parallelism (OpenMP and process forking) and, for compatible formats, GPU acceleration via OpenCL. Results are recorded in a potfile for reuse and deduplication, and status output exposes speed and progress metrics.
Core Concepts
- Offline password auditing vs. online guessing
- Hash/KDF formats and salts (e.g., bcrypt, PBKDF2, SHA-crypt)
- HMAC-based verification for symmetric token secrets (e.g., JWT HS256 via HMAC-SHA256)
- Attack modes: single, wordlist+rules, incremental/mask, hybrid
- Format auto-detection vs. explicit selection; potfile reuse
- Hardware acceleration (OpenMP, fork, OpenCL) and scalability
- Jumbo edition’s extensibility and format coverage
Typical Workflow
- Ingest target material and convert or map it into a supported JtR format using appropriate extractors or transformations.
- Select attack strategies aligned to expected human choice patterns and the cost profile of the target KDF or construction.
- Allocate and tune compute resources (threads, processes, optional OpenCL devices) and observe progress metrics to refine strategy.
- Validate recovered credentials or secrets, track cracked entries via the potfile, and retain evidentiary artifacts appropriately.
- Translate empirical results into risk assessments and policy recommendations concerning KDFs, password hygiene, and secret management.
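The mapping and verification steps above, worked through for an HS256 JWT in Python as an added example (not code from the page's sources or from the John the Ripper project). It builds a constructed token, recomputes the HMAC the way a JtR format would for each candidate, emits the <signing input>#<hex MAC> line that the cited community guidance feeds to the generic HMAC-SHA256 format, and applies the RFC 7518 minimum key length as the defensive check. Assumptions: the exact input-line syntax is taken from that guidance and should be confirmed against your Jumbo build, and the secret and candidate list are constructed.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(s: str) -> bytes:
    """Decode the unpadded base64url used in JWT segments."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def hmac_sha256_hex(message: bytes, secret: bytes) -> str:
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Constructed sample token; stands in for one captured during an audit."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def jwt_to_hmac_sha256_line(token: str) -> str:
    """Map an HS256 token onto a generic HMAC-SHA256 line: <signing input>#<hex MAC>.
    The line syntax is an assumption taken from the cited community guidance;
    confirm it against your Jumbo build before loading real material."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    if alg != "HS256":  # RS/ES signatures and alg:none are outside JtR's scope
        raise ValueError(f"unsupported alg {alg!r}: only HS256 maps to HMAC-SHA256")
    return f"{header_b64}.{payload_b64}#{b64url_decode(sig_b64).hex()}"


def verify_hs256(token: str, secret: bytes) -> bool:
    """The per-candidate check a JtR format performs: recompute and compare the MAC."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def audit_secret(token: str, candidates):
    """First candidate that verifies, or None; JtR does this at scale with wordlists and rules."""
    return next((c for c in candidates if verify_hs256(token, c)), None)


def meets_rfc7518_minimum(secret: bytes) -> bool:
    """RFC 7518 section 3.2: an HS256 key must be at least the hash output size, 256 bits."""
    return len(secret) >= 32
```

A secret that fails meets_rfc7518_minimum, or that audit_secret finds in a short candidate list, is the rotation and entropy finding the workflow's last step reports.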
Use Cases
- Enterprise password audits against OS/account stores (e.g., Unix shadow, NTLM) to measure policy strength and reuse risk. (openwall.com)
- Forensic validation of credentials recovered from systems or images by other tools (archives, documents, SSH keys via “to-john” converters). (openwall.com)
- Assessing feasibility of recovering weak symmetric JWT secrets by treating HS256 tokens as HMAC-SHA256 targets; informs rotation and entropy requirements. (northgreensecurity.com)
- Red team and lab exercises benchmarking hash/KDF resistance and GPU acceleration trade-offs. (openwall.com)
- Support for incident response when evaluating the blast radius of leaked password databases or stolen token material, limited to offline analysis. (en.wikipedia.org)
Limitations
- Not a web-application testing suite; it is an offline auditor. Web-specific JWT attacks such as alg:none or key confusion are out of scope. JtR can help guess weak symmetric secrets (HS256) but cannot break asymmetric JWT signatures (RS/EC).
- Effectiveness depends on target KDF and secret entropy; slow or memory-hard schemes (e.g., bcrypt with high cost) and high-entropy secrets may be impractical to crack.
- Correct format identification and proper extraction/normalization are required; misclassification prevents loading or yields invalid results.
- GPU acceleration and optimizations are format-dependent; not all formats benefit equally from OpenCL or parallelism.
- Subject to legal and ethical constraints; positioned by the publisher as a security auditing tool for authorized use.
Related Tools
- Hashcat: Alternative offline password cracker with extensive GPU focus and an explicit JWT mode (16500); often compared/complementary in audits.
- Openwall “to-john” utilities (e.g., zip2john, pdf2john, ssh2john): Companion extractors for converting artifacts into JtR-supported formats.
- jwt_tool / Burp Suite JWT Editor: Web-token analysis and manipulation; complements JtR when evaluating JWT implementations but does not replace its offline cracking role.
- Volatility / memory forensics suites: Upstream sources for secrets extracted from memory; JtR can audit some derived artifacts offline.
- Mimikatz: Extracts credentials from Windows; recovered hashes can be audited with JtR offline.
Evidence Gaps
- Openwall documentation does not list a dedicated JWT format; community guidance relies on the generic HMAC-SHA256 format for HS256 tokens, and an explicit vendor mapping has not been identified.
- Counts of supported formats and OpenCL variants vary by release; authoritative tallies depend on specific build outputs and release notes.
Sources
- John the Ripper official documentation index (Openwall)
- Command-line options and formats (core) (Openwall)
- John the Ripper 1.9.0-jumbo-1 announcement (features, OpenCL) (Openwall)
- John the Ripper (overview) (Wikipedia)
- How to use the John the Ripper password cracker (format coverage) (TechTarget)
- Using JtR/Hashcat against JWT HS256 (community guidance) (North Green Security)
- SANS SEC642 slides excerpt (JWT via JtR HMAC-SHA256) (SANS Institute)
- john-users mailing list (HMAC-SHA256 format present) (Openwall Mailing List)
- https://www.openwall.com/john/doc/OPTIONS.shtml (openwall.com)
- https://www.reddit.com/r/HowToHack/comments/1gcs2c7 (reddit.com)
- https://www.reddit.com/r/HowToHack/comments/dd289n (reddit.com)
- https://notes.davidvarghese.net/information-security/password-cracking/john-the-ripper (notes.davidvarghese.net)
Confidence
high