Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Jun 2015 14:03:57 +0300
From: Shinnok <>
Subject: Re: Mathieu's weekly report #8

> On Jun 23, 2015, at 6:06 AM, Mathieu Laprise <> wrote:
> - Shinnok, will we make .rpm, .deb and generic tarball like Aleksey did in 2012? I'm not sure about this one since I recall that you said that you want to let distro maintainers take care of that.

I don't think so. Nobody requested them explicitly, not even Aleksey, even though he posted his pkg CONTROL configs earlier for reference.

Just to stress the point as to why I don't believe in supplying rpm's and deb's in upstream projects, these are the reasons:
1. The distro ecosystem is wide and varied and are moving targets;
2. The supplied JtR's in the official repos vary in versioning accordingly;
3. Same for the Qt SDK;
4. Same for stdlib...;
5. Static builds alternative is a big hassle;

That's why I usually think that upstream open source projects shouldn't worry about supplying such packages, but instead focus on providing value and quality products and the distribution maintainers will follow with official packagings.

That isn't to say we shouldn't provide packages for a distro like Owl, which is in Openwall's scope(afaik it's dormant?), but that's about the extent of it.

Good old fashioned building steps provided in the INSTALL distro file should be enough for the rest.

For this release this what we cover:
1. Source build info in INSTALL for all supported platforms;
2. Include additional info on obsolete platforms (the Qt 4.6.2 work);
3. DMG package built against Qt 5 SDK and tested on Mavericks and Yosemite; 
4. Windows installer built against Qt 5 SDK, tested on Win 7 and 8; Which jumbo/core do we pack, if any? Maybe ask on john-users again; We might leave that for the second release.

> Questions regarding further sprints:
> - What's our plan for week of june 29th, do we still continue with those points or do we change priorities(like JohnSession refactoring or other stuff) ?
> Ability to select/deselect individual hashes from being handled in a cracking session(maybe via a simple checkbox to each row?)
> Search/Filter inside the Passwords tab table view
I'll have a restructured sprint plan for after the release. It will of course include all outstanding work and new developments that we learned of recently.

> The first point is pretty clear, but for #2, maybe I could start a discussion this week about which search fields and filter categories people would like. Shinnok, did you have already some in mind ? In my mind, I have show cracked only or show uncracked only hashes. Also, filter by hash type for jumbo only because it offers --show=types and I implemented HashTypeChecker class in johnny in a previous sprint.

What I have in mind for 2. is:

1. All columns should have an alphabetical ascending or descending sort option; The password column maybe should be the exception, which would sort cracked vs uncracked;
2. The filter should be a small search box atop of the table view; The text should filter against all columns by default with an extra option to select which columns; This allows the user to filter for some usernames, some hashes or some formats to crack, by means of simple text filtering and using the previous 1. feature (the checkboxes) on the results. E.g. Filter based on username column -> select all results -> check all -> start attack. So no.2 will work in tandem with no.1 to add additional functionality. :-)

Thanks for the good work done in the previous week Mathieu!



Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ