Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4E107CAE.4040608@shinnok.com>
Date: Sun, 03 Jul 2011 17:29:02 +0300
From: Shinnok <admin@...nnok.com>
To: john-dev@...ts.openwall.com
CC: Solar Designer <solar@...nwall.com>, 
 Aleksey Cherepanov <aleksey.4erepanov@...il.com>
Subject: Johnny GUI interactive status from John

Hi john-dev,

I am halfway to implementing a simple integration for Johnny[1] with
John using the command line wrapper method, I'll submit to this list
once I have something cool to show. I will also create a Wiki page after
that specific the this GUI for John.

For the moment I'll call this GUI for John, Johnny, just for the sake of
sparing two words.

However, the main purpose for this e-mail is to probe with you guys,
approaches to how I could/can get interactive status reports from John,
statuses which are pretty vital for a GUI since this is the only method
we can get information about John's cracking progress using the command
line approach.
Currently one can grab status information from a running John instance
using the following two methods:

1.If running in a tty one can press any key to the process stdin and get
a status report like this:

guesses: 0  time: 0:00:54:44 40% (2)  c/s: 36.78  trying: hwrd - smnn
guesses: 0  time: 0:00:54:47 40% (2)  c/s: 36.77  trying: snny1 - bsnss
guesses: 0  time: 0:00:54:49 40% (2)  c/s: 36.78  trying: snny1 - bsnss

2.By invoking john with the --status command line argument.

$ ./john --status
guesses: 0  time: 0:00:54:56 40% (2)  c/s: 36.76
$ ./john --status
guesses: 0  time: 0:00:54:59 41% (2)  c/s: 36.76

The problems with these methods from the GUI perspective are as follow:

1. This one applies only if john is ran from a tty device. Merely
creating the process with popen() makes john ignore those keypresses and
as a result this method cannot be used. Approaches to this one would be
to modify john's behavior in this regards or add an extra(secret?not
showing in -h or manpage) parameter specific for the GUI. This approach
would leave room for extra information to be printed that we might need
for the GUI.

2. This second one has several issues to be considered:

   *Using this method would involve running another john instance
    separately from the cracking one to interrogate each time we want
    john's status. This is not nice.

   *Another issue with this one is that john updates the status in
    john.rec as often as specified in john.conf "Save" directive, which
    by default it is set to 600 seconds. Using this from the GUI would
    mean to modify the configuration to something like 5s or 10s.

   *And yet another problem with this method is that these lines miss
    the "trying: xxxx - xxxx" column that the first method has. I could
    really use that in the gui to show some interesting output.

We need this kind of information in order to make Johnny show useful and
valuable cracking progress and status info, since otherwise the
interface would just be a dull one with two buttons, start and stop, in
which case Johnny would be irrelevant. We are already pretty limited
regarding the info we can get from a running john and some of the
functionality shown in [1] will be stripped away because it cannot be
done, at least for the moment. I guess I ended up preaching for a method
that would a allow for a much more verbose mode of operation for John,
after all.

I'm eagerly waiting for your invaluable input on this.

Cheers,
Shinnok

[1]http://openwall.info/wiki/john/GUI#Shinnok

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.