Message-ID: <BLU0-SMTP1693C119EA5DA5444970BA8FDCF0@phx.gbl>
Date: Tue, 7 Aug 2012 00:33:52 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Aleksey's daily status report #1

On 08/06/2012 09:38 PM, Aleksey Cherepanov wrote:
> Done
> 
> - writeup
> - tried sessions but failed

Is this what you described in your "how to handle sessions" mail?

> - format list
>   - reduced list to only supported by core john
>   - made field editable so user could enter anything

OK, this is what Solar asked for.
Would parsing john's usage output and generating the value list upon
start be much harder to do?
IMO, it would be more reliable. E.g., john versions prior to 1.7.9
didn't have trip.
But if Solar wants it this way, I am OK with it.
In most cases, auto detection should work, so that will be fine.

>   I hope these two actions are enough now.

For the format, I think this is currently enough.


Restoring an attack that had been started and paused is also a
must-have, but maybe you want to address this when working on sessions.

I noticed you added a warning when there is no PathToJohn= line in the
config file.
Could you apply the same logic (searching for john in PATH) if the line
reads:
PathToJohn=
(This happens if the user clears the input field and then saves.)
Maybe allow this even without a warning during start, and just silently
search for john at start?
Or require an input, but warn if the PathToJohn=value
doesn't refer to an executable file (or to a symlink pointing to an
executable file?).
OTOH, a user can also enter a bogus value. E.g., entering
/home/fd/git/johnny/johnny
also resulted in funny behavior when I tried "start attack".


> To do
> 
> - sessions

Even if we allow attacks with different session names, I think in the
first version we shouldn't support starting multiple sessions in
parallel. The user has to pause (interrupt) a currently running attack,
before he can start or restore another attack.

Otherwise mixed output, different password files, different formats will
currently be too difficult to handle.

Frank
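
The PathToJohn handling discussed in the message above (empty value falls back to a PATH search, a non-empty value must name an executable file or a symlink to one), as an added example that is not part of the original message and is not Johnny's code. `JohnPath`, `resolveJohn`, `searchPath` and `isExecutableFile` are hypothetical names, and a POSIX system is assumed.

```cpp
// Added example, not Johnny's code. All names below are hypothetical; POSIX assumed.
#include <sstream>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

struct JohnPath {
    std::string path;     // executable to launch, empty if none is usable
    std::string warning;  // message for the user, empty if all is well
};

// True if path is a regular file (symlinks are followed) that we may execute.
static bool isExecutableFile(const std::string &path) {
    struct stat st;
    if (stat(path.c_str(), &st) != 0) return false;  // missing or unreadable
    if (!S_ISREG(st.st_mode)) return false;          // e.g. a directory
    return access(path.c_str(), X_OK) == 0;
}

// Look for an executable called name in each directory of a PATH-style list.
static std::string searchPath(const std::string &name, const char *pathEnv) {
    if (!pathEnv) return "";
    std::istringstream dirs(pathEnv);
    std::string dir;
    while (std::getline(dirs, dir, ':')) {
        if (dir.empty()) continue;  // an empty entry means the current directory; skip it
        std::string candidate = dir + "/" + name;
        if (isExecutableFile(candidate)) return candidate;
    }
    return "";
}

// configured is the text after "PathToJohn=" (possibly empty);
// pathEnv is normally getenv("PATH").
JohnPath resolveJohn(const std::string &configured, const char *pathEnv) {
    JohnPath result;
    if (configured.empty()) {
        // Empty field: silently fall back to PATH, warn only if that fails too.
        result.path = searchPath("john", pathEnv);
        if (result.path.empty()) result.warning = "john not found in PATH";
    } else if (isExecutableFile(configured)) {
        result.path = configured;
    } else {
        result.warning = "PathToJohn is not an executable file: " + configured;
    }
    return result;
}
```

This check only establishes that the path is an executable regular file; it cannot tell whether that file is actually john.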
