Features and performance.

John the Ripper is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler supporting a subset of C). Also, John is available for several different platforms which enables you to use the same cracker everywhere (you can even continue a cracking session which you started on another platform).

Out of the box, John supports (and autodetects) the following Unix crypt(3) hash types: traditional and double-length DES-based, BSDI extended DES-based, FreeBSD MD5-based (now also used on Linux and in Cisco IOS), and OpenBSD Blowfish-based (now also used on some Linux distributions). Also supported out of the box are Kerberos/AFS and Windows NT/2000/XP LM (DES-based) hashes.

Contributed patches add support for many more password hash types, including Windows NT/2000/XP NTLM (MD4-based) hashes, several hash types used on OpenVMS, hashes used by MySQL, Netscape LDAP server, Eggdrop IRC bot, S/Key skeykeys files, and for Kerberos v4 TGTs.

Unlike other crackers, John doesn't use a crypt(3)-style routine. Instead, it has its own highly optimized modules for different hash types and processor architectures. Some of the algorithms used, such as bitslice DES, couldn't have been implemented within the crypt(3) API; they require a more powerful interface such as the one used in John. Additionally, there are assembly language routines for several processor architectures, most importantly for x86 with MMX and SSE2.