Date: Thu, 22 Mar 2012 17:33:58 +0400 From: Aleksey Cherepanov <aleksey.4erepanov@...il.com> To: john-dev@...ts.openwall.com Subject: Re: [GSoc] JtR GUI On Thu, Mar 22, 2012 at 11:12:13AM +0100, Dominique Heer wrote: > >I do not like an idea of clearing something without ability to get it > >back so I propose to have undo operation for that (seems to be too > >complicated for such thing) or to not clear it but to color it out (in > >grey for instance) to mark that as old text while new text would be > >black. > > Although the user clears the messages, they are still saved in > John's output and log files, I guess. So it shouldn't be a problem > to get the messages back by hitting some kind of 'Read Log' button. > But the idea of working with colors is adequate, too. On the other > hand, John's log file can in some cases grow very big (over 25000 > lines when I tested it, and I only did run it for three minutes), so > it probably doesn't make sense to keep this all in the log textview. > Maybe we should cut it and display only the first ~10000 lines? Output is not saved for that time but it could be saved in memory and just not showed fully or really saved in a file (this could provide johnny an ability to be restarted without loss of information). I think if you have a lot of lines during 3 minutes then you may want to search over them all. It may be more appropriate to not show lines that are older than hour (or any other time span). It depends on user needs so it should be customizable. Though the needs could be changed so something more flexible could be appropriate: we keep everything (in file or memory) and show according to settings (or it could be called filters). > >As I wrote johnny already has it. I think it would be nice to have > >sorting abilities and maybe additional field with time there which > >password was cracked at. Sort would provide very flexible way to see > >passwords. For instance sorting by cracking time descending we will > >have newly cracked passwords appearing at the top of the table. Though > >it seems to be a complex trick that may be inconvenient for regular > >users. > > An additional field with time is a great idea (some users, including > me, like to have as much information as possible, you know?), and > pushing newly cracked hashes and their plaintexts to the top is a > good idea as well, but may lead to performance problems when loading > a huge hashlist (in GTK, for instance, you must then update all row > iterators which takes a lot of time, don't know how Qt handles > this). I like to have everything that I may wish to use, of course that should be mechanism to navigate easily through that all. Different sort and filters could help to navigate (as of complex sorting and filtering may be long to set up, user could want to have multiple simultaneous views with different sorts or filters). I could not predict speed. But I guess that the fastest implementation should be built on top of existing database engine (for instance sqlite that is supported by qt and does not need from user any installation). There is QSqlTableModel (and QSqlRelationalTableModel) that could be used as model for tableview. Then we should have a view in db that represents original table with needed filters and sorts (something like "create view ViewName as select * from TableName where <filters> order by <sorting preferences>" where TableName is name of table with all data, <filters> are filters' expressions generated from users settings, <sorting preferences> is sorting settings, for instance it could be "passwords" or "passwords, username", the further means "to sort by passwords and sort by username if passwords are equal, I think it could be nice to have such sorting capability but I do not know how to represent them in gui. By the way sqlite program has output to html that could be used for export but I do not know whether qt supports this or not, seems not and the easiest way to export is to write our own full code or to use xml output). And I think QSqlTableModel will show what we want. I think it will be easy to try it and measure speed. > >But if you load > >real file into johnny, select john binary through settings (or you > >have /usr/sbin/john that is default path now, like on Debian), then > >johnny allow you to start attack and johnny provide password > >field/column that shows cracked passwords as soon as johnny captures > >them. > > Okay, thank you, it now works with passwd files. What do you think > about a third control button which allows the user to abort the > current session? Up to now, the user can only start, pause and quit, > but not abort the current session. What does abort mean? What should be done? Should it do things like pause, quit, restart together but not loosing options? Progress is stored by john so when we restart johnny we loose only state of gui. So we should add button either to abort john's session (for what?) or to reset gui's state just to be able to do things like pause+restart. I think reverse thing could be nice: to restore gui's state on start. Regards, Aleksey Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.