Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 08 Oct 2014 09:58:27 +0300
From: Shinnok <admin@...nnok.com>
To: john-dev@...ts.openwall.com
Subject: [RFC] Johnny further development proposal

Hi list,

My current plan for Johnny as promised. I should probably add this to 
some Wiki page, not sure if I still have access there. Comma's added 
where I really need suggestions/feedback from you guys.

Immediate tasks:
1. Upgrade to Qt 5
2. Fix any outstanding bugs or crashes (crash on exit while john is 
running, pause not working, etc..)
4. Support for OS X and distribution package (DMG package, should 
probably include JtR)
5. Ui improvements (hide progress bar when not needed, better sidebar 
navigation, proper layout constraints so that UI elements look nice, 
e.g. the button's in the Settings page are a mile long, etc..)
6. Windows support and distribution package either:
   a) .msi if it makes sense, will have to include JtR since I don't 
think there is one for it
   b) just .zip package would do
7. Make proper .deb package for Linux with CONTROL file that specifies:
   a) ARCH
   b) Qt dep
   c) JtR dep
   d) app description
   Maybe Kali have done that properly for their package so we could use 
that as a reference.

8. The progressbar doesn't really say much currently. Percentage of 
cracked password could just as well be shown as numbers. Maybe we should 
switch the progress bar to showing either:
     a) how much till cracking completion (if JtR can estimate that, per 
cracking mode type would be fine too)
     b) ??

9. Manual plain-text probing for individual hashes
10. Hash type suggestion/guessing for individual hashes
11. Critical JtR integrations

Things for later:
1. Further JtR integration (need suggestions)
2. JtR pro integration

Things for way later:
3. Support multiple cracking sessions, not sure if this can be done now 
by just running multiple Johnny apps. The best option would be multiple 
tabs, but if multiple apps would work just as fine I'd be contempt with 
just that for now.
4. Remote cracking sessions, most people that are going to do heavy 
usage of JtR like a "pro" are not going to crack on the everyday machine 
where they run Johnny too, but on remote always on headless power 
beasts, so a cool feature would be for Johnny to be able to 
tap(securely) on such remote sessions from a remote PC. This needs to be 
researched and discussed on the lists before anything can be done. What 
I think the easiest option would be to be able to use ssh pipes to 
either direct JtR ttys or some log file(no interactivity for this 
option). Separate watcher daemon is another more complex alternative.
5. Translation support?
6. Dictionary editing and generation based on interactive rule sets?
7. Post-cracking statistics regarding the frequency of passwords, 
characters and lengths, would be nice. Provided in the statistics pane.

Goals to keep in mind for the future:
1. Maintain default operating system UI looks, until otherwise needed.
2. Simplicity over complexity.
3. The UI needs to give people reasons to use it, otherwise they'll just 
skip it.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ