Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 14 Apr 2011 15:47:39 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: [GSoC] Johnny - GUI frontend for JtR

>-----Original Message-----
>From: Shinnok Sent: Tuesday, April 12, 2011 2:27 PM

>Any links and
>interesting/crazy usages of JtR you might have are very welcomed.

There are several things I use john for over and above 'cracking'. 
Also, there are several (MANY) things which a GUI would be great
to provide features.

I find word list maintenance, rule building/maintaining, and work
flow task to be things which are all very important tasks to be 
done in PW cracking/auditing. 

For word list maintenance, you need:
  1. acquisition of word lists.
  2. clean up of word lists.  One big thing john can help here is 
     the unique build of john.
  3. warehousing these wordlists, and matching up with specific 
     rules to work with them.
  4. providing meta data about wordlists (meta data will be 
     tied back together in the workflow section).

For rule building/maintaining, john provides very little 'help'.
This would be an ideal add-on functionality for a GUI.  I have 
thought of doing some of this myself (in perl or java, I have
wanted to do #1 and #2).  I can see things such as:
  1. rule building wizard.
  2. rule to plain explanation wizard (reverse of #1)
  3. grouping and warehousing of rules.
  4. providing meta information to associate rule sets with 
     word list(s), and possibly with formats.
  5. possibly providing 'hooks' so that external rule generation 
     programs can build rules, ready for john to use (pie in the
     sky type request)

One greatly important need, which currently is FULLY lacking of
any functionality within john, is ability to build, maintain and
expand workflows.  Along the same line, something missing from
john, is ability to database hashes, including what work has been
done against them already. This is VERY important for salted hashes.
An interesting addition to warehousing the hashes, and work done,
is also warehousing just what cracked them (when they are cracked).
Listing things such as the crack mode, the wordlist file, and what
word, if it was done markov, if it was brute force, and which one,
if it was rule based, what word file and what rule broke it..
Once a lot of data like that has been generated, it would make
for great data mining, to find what works, and what is simply
a waste of time.  NONE of this is 'in' john, but a wrapper program
could be written to provide this additional logic, and data storage.


I am just tossing out some additional things which would be great to
have in a GUI.  I am not sure this is within the scope of the work
that is laid out to be done in the GSoC or not. 

Jim.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ