Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 6 Aug 2012 20:16:32 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-dev@...ts.openwall.com
Subject: johnny: how to handle sessions?

I tried to understand how I see work with sessions in Johnny. And I
see problems.

For new attacks I think to use just names. These names would refer to
sessions in some dir in home. I guess this dir is ~/.john .

I'd use dir because gui is not intended to have current dir unlike
john that is called from command line standing in some defined and
reasonable place - johnny is somewhere, not in particular dir unless
we support cwd changes, for instance we could follow passwd file: user
opens passwd file and johnny cd'es into dir of this file.

To restore user opens .rec file in johnny. Johnny reads it and opens
respective passwd file. (Also johnny could set settings like they were
before session creation so user see what the session is.) But it needs
to read and parse session file that is considered bad.

I could imaging other approaches that connect file with its sessions
(by sha1 I guess). But using them Johnny would not support sessions
created from command line.

Will we document session file format? Unlike MJohn that creates its
own sessions always Johnny would support seamless migration between
gui and cli. I guess it is a good feature. OTOH johnny could be viewed
as a viewer for progress that is able to start john but do not connect
this starts with files viewed.

How do you see sessions in johnny?

What should I do before summer end? What will we do later?

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.