Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Jun 2012 10:15:47 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: keepass2john.c

On Wed, Jun 27, 2012 at 9:32 AM, Solar Designer <solar@...nwall.com> wrote:
> Dhiru -
>
> There's some licensing weirdness with keepass2john.c currently in
> magnum-jumbo.  As far as I can tell, you used code from two projects:
> KeeCracker and kppy.

Correct. Most of the code is from KeeCracker. kppy is written in
Python and I have just borrowed ideas for a
a function from it.

> KeeCracker includes a copy of GPLv2, but maybe that applies to a DLL
> that it uses only rather than to KeeCracker itself.  It is unclear what
> license KeeCracker itself is under.  Also, it is unclear if the GPL
> is "GPLv2 only" or "GPLv2 or later".

KeeCracker license is unknown. I asked about it on its forum (which is
gone now) but got no response.

> kppy is under GPLv3.
> keepass2john.c currently says it is under "GPLv3 or later", but on one
> hand this might not be compatible with KeeCracker's licensing and on the
> other I am unhappy about that (I'd prefer BSD, etc. or "GPLv2 or later").
>
> Maybe we need to inquire with the authors of these programs and ask them
> to relax the licensing to either our preferred terms/wording or, failing
> that, to "GPLv2 or later".

Contacting the author of KeeCracker might not be an option. I will ask
the developer of kppy to consider licensing it under "GPLv2 or later".
(I am already in touch with kppy's developer).

> The process_old_database() and process_database() functions should be
> made static.

Will do.

> Instead of main(), you could have a keepass2john() function that you'd
> call from john.c.

Currently, I haven't integrated it into JtR. Will do it once I have
written the actual fmt file itself.

> For now, though, this is just an unused source file, right?  Maybe I
> should exclude it from 1.7.9-jumbo-6?

Yes, it should be excluded from jumbo-6 release. I am still in process
of developing it. Thanks.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ