Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Mar 2015 07:58:34 +0300
From: Solar Designer <>
To: Shinnok <>
Subject: Re: [RFC] Johnny further development proposal

Hi Shinnok,

I'm sorry I didn't comment sooner.  This looks like a good proposal
draft to me.

Are you by any chance GSoC eligible (still or again)?  If so, you're
welcome to apply this year.



On Wed, Oct 08, 2014 at 09:58:27AM +0300, Shinnok wrote:
> Hi list,
> My current plan for Johnny as promised. I should probably add this to 
> some Wiki page, not sure if I still have access there. Comma's added 
> where I really need suggestions/feedback from you guys.
> Immediate tasks:
> 1. Upgrade to Qt 5
> 2. Fix any outstanding bugs or crashes (crash on exit while john is 
> running, pause not working, etc..)
> 4. Support for OS X and distribution package (DMG package, should 
> probably include JtR)
> 5. Ui improvements (hide progress bar when not needed, better sidebar 
> navigation, proper layout constraints so that UI elements look nice, 
> e.g. the button's in the Settings page are a mile long, etc..)
> 6. Windows support and distribution package either:
>   a) .msi if it makes sense, will have to include JtR since I don't 
> think there is one for it
>   b) just .zip package would do
> 7. Make proper .deb package for Linux with CONTROL file that specifies:
>   a) ARCH
>   b) Qt dep
>   c) JtR dep
>   d) app description
>   Maybe Kali have done that properly for their package so we could use 
> that as a reference.
> 8. The progressbar doesn't really say much currently. Percentage of 
> cracked password could just as well be shown as numbers. Maybe we should 
> switch the progress bar to showing either:
>     a) how much till cracking completion (if JtR can estimate that, per 
> cracking mode type would be fine too)
>     b) ??
> 9. Manual plain-text probing for individual hashes
> 10. Hash type suggestion/guessing for individual hashes
> 11. Critical JtR integrations
> Things for later:
> 1. Further JtR integration (need suggestions)
> 2. JtR pro integration
> Things for way later:
> 3. Support multiple cracking sessions, not sure if this can be done now 
> by just running multiple Johnny apps. The best option would be multiple 
> tabs, but if multiple apps would work just as fine I'd be contempt with 
> just that for now.
> 4. Remote cracking sessions, most people that are going to do heavy 
> usage of JtR like a "pro" are not going to crack on the everyday machine 
> where they run Johnny too, but on remote always on headless power 
> beasts, so a cool feature would be for Johnny to be able to 
> tap(securely) on such remote sessions from a remote PC. This needs to be 
> researched and discussed on the lists before anything can be done. What 
> I think the easiest option would be to be able to use ssh pipes to 
> either direct JtR ttys or some log file(no interactivity for this 
> option). Separate watcher daemon is another more complex alternative.
> 5. Translation support?
> 6. Dictionary editing and generation based on interactive rule sets?
> 7. Post-cracking statistics regarding the frequency of passwords, 
> characters and lengths, would be nice. Provided in the statistics pane.
> Goals to keep in mind for the future:
> 1. Maintain default operating system UI looks, until otherwise needed.
> 2. Simplicity over complexity.
> 3. The UI needs to give people reasons to use it, otherwise they'll just 
> skip it.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ