Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 10 Jun 2012 11:10:18 +0200
From: Frank Dittrich <>
Subject: Re: Patch: allow --markov=SECTION in addition to --markov[=[MIN_LEVEL-]LEVEL[:START[:END[:[MIN_LENGHT-]LENGTH]]]]

On 06/10/2012 09:49 AM, Simon Marechal wrote:
> On 06/09/2012 09:18 PM, Frank Dittrich wrote:
>> I did not see any negative side effects, but please feel free to test
>> the patch and/or suggest changes.
> I should really read the code instead of asking, 

No problem. (You could also have looked at the doc/MARKOV changes in the

> but I am not sure I
> will have time for this soon, so here it is : is it still possible to
> run like this :
> -markov:300:0:1148673650879:24 -sess:markov0
> -markov:300:1148673650879:2297347301758:24 -sess:markov1
> -markov:300:2297347301758:3446020952637:24 -sess:markov2
> -markov:300:3446020952637:4594694603516:24 -sess:markov3
> -markov:300:4594694603516:5743368254395:24 -sess:markov4
> -markov:300:5743368254395:0:24 -sess:markov5

This is still possible.
When the first character after -markov: is not a letter, the old
behavior is still in place.

> (this is the 6 cores run for maxlen=24 and level=300)
> This would probably look like that :
> -markov:confxxx -markov:300:0:1148673650879:24 -sess:markov0

No, using two --markov options is not supported.
Currently, you have to use either the old logic, or the new one.

But it could be extended to support the combination of both versions


Even if we commit the current patch as it is right now, the next step
would just be another enhancement, not a change that is not compatible
with any previous logic.
(I'll have to check what currently happens with --markov=a:100 and a
section [Markov:a:100] in john.conf.
May be I have to add a check that the section name doesn't contain a
colon. Currently this requirement is only mentioned in doc/MARKOV.)

So, your example could look like

-markov:confxxx:300:0:1148673650879:24 -sess:markov0
-markov:confxxx:300:1148673650879:2297347301758:24 -sess:markov1
-markov:confxxx:300:2297347301758:3446020952637:24 -sess:markov2
-markov:confxxx:300:3446020952637:4594694603516:24 -sess:markov3
-markov:confxxx:300:4594694603516:5743368254395:24 -sess:markov4
-markov:confxxx:300:5743368254395:0:24 -sess:markov5


--markov=confxxx:300:0:1148673650879:24 -sess:markov0
--markov=confxxx:300:1148673650879:2297347301758:24 -sess:markov1
--markov=confxxx:300:2297347301758:3446020952637:24 -sess:markov2
--markov=confxxx:300:3446020952637:4594694603516:24 -sess:markov3
--markov=confxxx:300:4594694603516:5743368254395:24 -sess:markov4
--markov=confxxx:300:5743368254395:0:24 -sess:markov5

And your john.conf must contain a section

since the names are not case sensitive.

If we extend the logic this way, the distinction between the
logic and the
logic would be that SESSION begins with a letter (or contains at least
one letter).

For the --markov:SECTION:<more_parameters> case, I suggest that
parameters specified on the command line overwrite parameters specified
in the section [Markov:SECTION]

So with this section:

Statsfile = $JOHN/my_stats
MkvLevel = 250
MkvMaxLen = 10

and a command line parameter

this should be the same as
except that the stats file is $JOHN/my_stats instead of $JOHN/stats.
(Assuming that [Options:Markov] contains Statsfile = $JOHN/stats.)

For your above example, all possible parameters are specified on the
command line, so that just the Statsfile is read from [Markov:example]
instead of [Options:Markov].

This should be fairly easy to implement.

This would even allow to define a Markov section with just one line:

Statsfile = $JOHN/special_stats

Currently I require at least MkvMaxLen and MkvLvl, but if you specify
those on the command line, there is no need to add them to the Markov

The only difficulty would be the "user interface design" decision how to
take care of missing MIN_LEVEL and/or MIN_LENGTH parameters on the
command line if the section
contains these lines:
MkvMinLvl = 220
MkvMinLength = 8

In this case, I'd suggest that

would be the same as

That means, if MIN_LEVEL is not specified, it will be read from
the variable MkvMinLvl in section [Markov:Example].

To avoid this, you'd have to use

Similarly, to avoid MIN_LENGTH=8, you'd have to use

How does that sound? Should we go this route?


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ