Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <BLU0-SMTP12244D631E5F0279057F38DFDD70@phx.gbl>
Date: Fri, 13 Jul 2012 12:54:10 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Re: Aleksey's status report #10

On 07/13/2012 11:19 AM, Aleksey Cherepanov wrote:
> Frank, please, look onto the script.

The daemon part:

Maybe you need to add something like

killall -s 1 john

so that all currently running instances update the .rec/.log/.pot file.
Otherwise you might push results that are (per default config settings)
almost 10 minutes older than they needed to be.

If a user has differently named executable files, e.g. a john-omp for
formats where this makes sense), you'd need to remember the names of the
executable files used by your attacks, and send a signal 1 to all of them.
(Alternatively, if you can grab the process ID, you could also send the
signal to individual processed.)

Also, unless I missed something, you'll currently use git add ... even
if nothing changed compared to the previous time your daemon ran.
(Most likely cause for that would be that the session finished, and you
already committed and pushed its changes before.
Should you somehow mark the attacks as finished when the .rec file
disappeared (a session could also have been completed in a few seconds,
so that you never found a .rec file for this particular session.

Do we need to parse the end of the log file to see if the session
completed or if it has been aborted?

Could/should you skip the git push, if none of your git commit commands
ended successful?

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.