Date: Wed, 21 Mar 2012 23:18:40 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: [GSoc] JtR GUI

Dominique,

On Wed, Mar 21, 2012 at 05:47:52PM +0100, Dominique Heer wrote:
> >As magnum already said the current repo is:
> >https://github.com/AlekseyCherepanov/johnny
> Good, I'm up to date now. However, it seems like the last commit is
> 6 months ago. Is this project still alive, does someone actively
> work on it?

I would like to say that I work on it. But really I have not touched
the code since September. Sadly...

> >Output is what john prints to its output channel. Log is the content
> >of the log file (john.log, that is written by john). The GUI itself
> >does not have a log.
> Okay, I understand. I think the user should be able to clear the messages.

I do not like the idea of clearing something without the ability to
get it back, so I propose to have an undo operation for that (seems to
be too complicated for such a thing) or to not clear it but to color
it out (in grey, for instance) to mark it as old text while new text
would be black.

> >Johnny already captures john's output through a pipe (using the
> >QProcess class, which has functionality similar to popen). Currently
> >progress shows the relation of the amount of cracked passwords to the
> >amount of all passwords: cracked / all. It is not really meaningful
> >(john will never crack 100% in some circumstances, for instance there
> >could be two types of hashes and john will crack only one while the
> >GUI shows total progress) though it shows how many passwords we have
> >and how many are cracked.
> Correct me if I'm wrong, but it doesn't seem that Johnny already
> works (or am I doing something wrong?). I can neither load a
> hashlist nor start an attack, for instance.

If you pushed the "Load 500000 hashes" button then you do not have a
file and (for that time) johnny does not allow you to call john
(though it should at least say something, but that is not
implemented). Also, being for demos only, it does not provide password
texts. But if you load a real file into johnny and select the john
binary through settings (or you have /usr/sbin/john, which is the
default path now, like on Debian), then johnny allows you to start an
attack and provides a password field/column that shows cracked
passwords as soon as johnny captures them.

Though at this time passwords are loaded somewhat slowly (with a very
inefficient algorithm). Also, that place makes the GUI unresponsive. So
every time johnny tries to load new cracked passwords it calls 'john
--show', reads the results (that part works fast enough, I think) and
then handles them to fill the table (that part is deadly slow now).

> What do you think about a third column named "Plaintexts" (or
> something like that) in which, corresponding to their hashes, the
> found passwords are inserted? Is this generally possible? I just
> found it a nice idea.

As I wrote, johnny already has it. I think it would be nice to have
sorting abilities and maybe an additional field with the time at which
each password was cracked. Sorting would provide a very flexible way
to see passwords. For instance, sorting by cracking time descending, we
would have newly cracked passwords appearing at the top of the table.
Though it seems to be a complex trick that may be inconvenient for
regular users.

Regards,
Aleksey Cherepanov
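
An added example, not part of the original message and not johnny's code: one way to turn 'john --show' output into table updates and the cracked / all progress figure discussed above, using a single pass with a dictionary lookup. It assumes the input file holds plain "user:hash" lines with unique user names, so everything after the first colon of an output line is the password, and that the output ends with john's "N password hashes cracked, M left" summary; the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample of `john --show` output for a file of "user:hash" lines.
SAMPLE_SHOW_OUTPUT = """\
alice:letmein
carol:pa:ss

2 password hashes cracked, 3 left
"""

SUMMARY_RE = re.compile(r"^(\d+) password hash(?:es)? cracked, (\d+) left$")


def parse_show(output):
    """Return ({user: password}, cracked, left) parsed from `john --show` text."""
    cracked, counts = {}, None
    for line in output.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            counts = (int(m.group(1)), int(m.group(2)))
        elif ":" in line:
            # Split on the first colon only: a password may contain ':'.
            user, password = line.split(":", 1)
            cracked[user] = password
    if counts is None:
        raise ValueError("summary line not found; output truncated?")
    return cracked, counts[0], counts[1]


def fill_table(rows, cracked):
    """Fill the password column in place; return how many rows were newly filled.

    One pass over the rows with an O(1) dict lookup per row, so the cost is
    linear in the table size no matter how many passwords are cracked.
    """
    newly_filled = 0
    for row in rows:
        password = cracked.get(row["user"])
        if password is not None and row["password"] is None:
            row["password"] = password
            newly_filled += 1
    return newly_filled


def progress(cracked, left):
    """cracked / all as a fraction; 0.0 when no hashes were loaded."""
    total = cracked + left
    return cracked / total if total else 0.0
```

In a GUI the parsing and filling would run off the main thread, with only the count of newly filled rows reported back to the view.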
