Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 16 Jun 2008 14:13:42 +1200
From: Russell Fulton <r.fulton@...kland.ac.nz>
To: john-users@...ts.openwall.com
Subject: Re: search path for config file

First off, thanks for the explanation about the "home directory".  I  
suggest that you include it in a HOME file in the doc directory and  
have CONFIG refer to it.  I understand why you don't want it in the  
CONFIG file.


On 16/06/2008, at 1:52 PM, Solar Designer wrote:
>
>> I have tried setting the environment variable JOHN but
>> this does not seem to have any effect.
>
> Correct.  John does not use environment variables.
>
> I understand that the "$JOHN" notation in john.conf might be a bit
> confusing in this respect.  Should I replace the "$" with another
> character (what character) or should I enhance the code to actually
> check for environment variable of this name first or is it better to
> leave everything as-is but improve the documentation?

Perhaps a single line comment pointing to the docs....

>
>
>> On a side issue I am about to get my grubby mitts on an "IronKey
>> Enterprise" encrypted flash drive and intend to install john on the
>> secured portion of the drive and keep the password files and pot etc.
>> on the normal file section.   That way I should have all the  
>> sensitive
>> stuff in one very secure place.
>
> Would you also disable swap on the systems where you do any processing
> of the sensitive files?  Note that you would need to not re-enable the
> swap until you power-off and wait at least a few minutes before  
> powering
> back on. ;-)  (The power-on memory test might be bypassed or it  
> might be
> non-destructive - it was never meant as a security measure.)  That's  
> the
> paranoia; in practice, there are many "natural" mitigating factors,
> which make sensitive data leaks via swap not too likely (especially on
> Linux, which makes relatively little use of swap) - but I do disable
> swap on my computers before mounting encrypted filesystems, and I  
> don't
> re-enable it until I reboot.
>

No -- this really is above my paranoia level ;)   The main thing I  
want to achieve is that there are no 'obvious' stuff laying around  
when I finish a job.   Mind you the Mac has 'secure' swap turned on  
(but I have never investigated exactly what that does --- time to read  
the MacOSX security guide that Apple release a couple of weeks back :)

>> If anyone is interested in how this goes drop me a note
>
> I suggest that you simply post a summary to the list.

Will do.

Russell
Download attachment "smime.p7s" of type "application/pkcs7-signature" (2503 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.