Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150405101919.GA1013@openwall.com>
Date: Sun, 5 Apr 2015 13:19:19 +0300
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: Shinnok <admin@...nnok.com>
Cc: john-dev@...ts.openwall.com
Subject: Re: [RFC] Johnny further development proposal

Shinnok,

On Thu, Mar 26, 2015 at 05:09:21PM +0200, Shinnok wrote:
> http://openwall.info/wiki/john/johnny-roadmap

I have some comments:

1.2 #2: crash on exit while john is running

I guess it was fixed in release branch. Though master was behind the
release branch. I merged release into master. So johnny should not
crash now. If it crashes please report your example.


1.3
 4. Add tooltips to all UI actions that are not very self explanatory
    to a new comer

I like the idea of context help.

Though tooltips are not very attractive for me. I like the way some
program showed help: there is a region of screen for help, when you
navigate mouse to some element the corresponding help is shown in the
region immediately (though it has drawback: you can't use mouse on
other element following the help, it disappears, so the text should be
designed well). I think the program was VirtualBox, though at the
moment I don't see such ui element there...


1.4 #1 proper threading

I've dropped code for threading, there is no explicit threading now.
Threading makes things complex. I think threading that I dropped did
not provide the speed because the bottleneck was adding to the grid
that could not be done in thread. So I just made the adding fast
enough using hash table to map hashes into lines of grids.


1.5
 1. Hash type suggestion/guessing for individual hashes (which is the
    best way? do we have any support from JtR jumbo with that)

Jumbo suggests possible other formats when the cracking is started.
Though it suggest only for the whole pack (actually by the type of the
first hash I think), not for the individual hashes. I think it is
needed to implement separate option to show types for each hashes,
probably not starting attack.


1.6
 1. Manual plain-text user probing for individual ciphers(manual
    guessing)

It should not be hard to pass words from users to john (through file
or through pipe). Though showing of the result hash is the other
story. Also attack against individual hash (1.8 #2) is a separate task
too (and user should be warned about not salted hashes that are very
cheap try all at once; maybe for not salted hashes, it should be
deprecated at all).


1.7
 1. Dictionary editing and generation based on interactive rule sets?

More details please.


1.8
 2. Ability to select/deselect individual hashes from being handled
    from a s

It looks unfinished. I wrote some ideas in 1.6 #1.


2.0
 1. Note: First stable release.

BTW current release may be viewed as stable. Though it does not
support jumbo. And some things from core like unshadow.


2.1
 1. Post-cracking statistics regarding the frequency of passwords,
    characters and lengths, would be nice. Provided in a new
    statistics pane.

There are Free and Open Source Software tools to perform analysis
using cli. We may integrate some of them.


Nice plan. Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.