Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 10 Jun 2015 08:11:30 -0400
From: Mathieu Laprise <mathlaprise@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Mathieu's weekly report #6

On Wed, Jun 10, 2015 at 6:56 AM, Shinnok <admin@...nnok.com> wrote:

> Less explicit copy paste in the reports would be nice. Try to summarize
> what happened with your words. This is a thought and clear vision process
> on your side as much as it is a report for us.
>
> You also missed some important bits like, started discussion regarding the
> next release and asked for feedback on that matter from the lists
>
Regarding "Adapt HashTypeChecker to JohnHandler interface", JohnHandler is
a new class in Johnny to allows easier multithreading. The HashTypeChecker
class is responsible of showing hash types suggestion (in the format
dropdown list and in the password tableview). I did it during previous
weeks but this week I adapted it to the new JohnHandler interface.

Regarding "Implement password guessing", there is a "Guess" button in the
main toolbar. If the user clicks on it, a pop-up appears and he can enter a
passphrase. We call john --show to know if the password is discovered and
it'll be shown in the pwd tableview . It is based on JohnHandler interface.

While working on that I discovered an issue to Johnny,
https://github.com/shinnok/johnny/issues/22. Imagine the .pot file has some
already cracked password in it. If we open a new file, start a new attack
or resume another one with a different format, callJohnShow() method call
./john --formatXXX --show pw1.txt. In the tableview, the already cracked
password from the .pot file from format YYY won't appears and the tableview
will be empty.

Regarding "Multiple session management - session history part", each
session is saved automatically into a .johnny file. The name of the file is
based on the time and date it is saved. The user can load any session from
a list menu or clear the history which will delete the files.

I also started thinking about which minimum version of Qt we should support
for release (Qt 4, 5, 5.1, 5.4 ) ? Do we want to still support Qt 4 since
some functions are missing. Should we use latest functions or always make
workarounds to support older versions of Qt ? I'll start this week a
discussion about that on the list.

I forgot in my last report to talk about the work regarding discussion and
preparation for the upcoming release. The week where we'll put the more
effort into preparing release starts in june 22nd. Our plan is to release a
new version in the first week of july. We started a discussion with the
users @ john-user to know which platform we should support for binary
packaging and testing. Also, would people benefits from a proper installer
? So far, we have request for OS X Mavericks and up and Windows 32 and 64
bits.

We also discussed about implementation of release, we can't use static
linking of Qt because of licensing. We'll probably bundle jumbo with Johnny
and all required libs for the platform with binary packaging. On Windows,
I'll look this week on the Qt Windows installer.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.