Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Mar 2012 11:12:13 +0100
From: Dominique Heer <dominique.heer@...ine.de>
To: john-dev@...ts.openwall.com
Subject: Re: [GSoc] JtR GUI

Hi Aleksey,

> I would like to say that I work on it. But really I did not touch
> code since September. Sadly...

That's why GSoC exists ;-)

> I do not like an idea of clearing something without ability to get it
> back so I propose to have undo operation for that (seems to be too
> complicated for such thing) or to not clear it but to color it out (in
> grey for instance) to mark that as old text while new text would be
> black.

Although the user clears the messages, they are still saved in John's 
output and log files, I guess. So it shouldn't be a problem to get the 
messages back by hitting some kind of 'Read Log' button. But the idea of 
working with colors is adequate, too. On the other hand, John's log file 
can in some cases grow very big (over 25000 lines when I tested it, and 
I only did run it for three minutes), so it probably doesn't make sense 
to keep this all in the log textview. Maybe we should cut it and display 
only the first ~10000 lines?

> As I wrote johnny already has it. I think it would be nice to have
> sorting abilities and maybe additional field with time there which
> password was cracked at. Sort would provide very flexible way to see
> passwords. For instance sorting by cracking time descending we will
> have newly cracked passwords appearing at the top of the table. Though
> it seems to be a complex trick that may be inconvenient for regular
> users.

An additional field with time is a great idea (some users, including me, 
like to have as much information as possible, you know?), and pushing 
newly cracked hashes and their plaintexts to the top is a good idea as 
well, but may lead to performance problems when loading a huge hashlist 
(in GTK, for instance, you must then update all row iterators which 
takes a lot of time, don't know how Qt handles this).

> But if you load
> real file into johnny, select john binary through settings (or you
> have /usr/sbin/john that is default path now, like on Debian), then
> johnny allow you to start attack and johnny provide password
> field/column that shows cracked passwords as soon as johnny captures
> them.

Okay, thank you, it now works with passwd files. What do you think about 
a third control button which allows the user to abort the current 
session? Up to now, the user can only start, pause and quit, but not 
abort the current session.

Regards,
Dominique

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ