Date: Wed, 21 Mar 2012 23:18:40 +0400 From: Aleksey Cherepanov <aleksey.4erepanov@...il.com> To: john-dev@...ts.openwall.com Subject: Re: [GSoc] JtR GUI Dominique, On Wed, Mar 21, 2012 at 05:47:52PM +0100, Dominique Heer wrote: > >As magnum already said the current repo is: > >https://github.com/AlekseyCherepanov/johnny > Good, I'm up to date now. However, it seems like the last commit is > 6 months ago. Is this project still alive, does someone actively > work on it? I would like to say that I work on it. But really I did not touch code since September. Sadly... > >Output is what john prints to its output channel. Log is the content > >of the log file (john.log, that is written by john). Gui itself does > >not have log. > Okay, I understand. I think the user should be able to clear the messages. I do not like an idea of clearing something without ability to get it back so I propose to have undo operation for that (seems to be too complicated for such thing) or to not clear it but to color it out (in grey for instance) to mark that as old text while new text would be black. > >Johnny already captures john's output through pipe (using QProcess > >class, that has functionality similar to popen). Currently progress > >shows relation of amount of cracked passwords to amount of all > >passwords: cracked / all. It is not really meaningful (john will never > >crack 100% at some circumstances, for instance there could be two > >types of hashes and john will crack only one while gui shows total > >progress) though it shows how much passwords we have and how much are > >cracked. > Correct me if I'm wrong, but it doesn't seem that Johnny already > works (or am I doing something wrong?). I can neither load a > hashlist nor start an attack, for instance. If you pushed "Load 500000 hashes" button then you do not have file and (for that time) johnny does not allow you to call john (though it should at least say something but it is not implemented). Also being for demos only it does not provide passwords texts. But if you load real file into johnny, select john binary through settings (or you have /usr/sbin/john that is default path now, like on Debian), then johnny allow you to start attack and johnny provide password field/column that shows cracked passwords as soon as johnny captures them. Though at this time passwords are loaded somewhat slow (with very ineffective algorithm). Also that place makes gui irresponsible. So every time johnny tries to load new cracked passwords it calls 'john --show', reads results (that part works enough fast as I think) and then handles it to fill table (that part is deadly slow now). > What do you think about a third column named "Plaintexts" (or > something like that) in which, corresponding to their hashes, the > found passwords are inserted? Is this generally possible? I just > found it a nice idea. As I wrote johnny already has it. I think it would be nice to have sorting abilities and maybe additional field with time there which password was cracked at. Sort would provide very flexible way to see passwords. For instance sorting by cracking time descending we will have newly cracked passwords appearing at the top of the table. Though it seems to be a complex trick that may be inconvenient for regular users. Regards, Aleksey Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.