Date: Thu, 22 Mar 2012 17:33:58 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: [GSoc] JtR GUI

On Thu, Mar 22, 2012 at 11:12:13AM +0100, Dominique Heer wrote:
> >I do not like an idea of clearing something without ability to get it
> >back so I propose to have undo operation for that (seems to be too
> >complicated for such thing) or to not clear it but to color it out (in
> >grey for instance) to mark that as old text while new text would be
> >black.
> 
> Although the user clears the messages, they are still saved in
> John's output and log files, I guess. So it shouldn't be a problem
> to get the messages back by hitting some kind of 'Read Log' button.
> But the idea of working with colors is adequate, too. On the other
> hand, John's log file can in some cases grow very big (over 25000
> lines when I tested it, and I only did run it for three minutes), so
> it probably doesn't make sense to keep this all in the log textview.
> Maybe we should cut it and display only the first ~10000 lines?

Output is not saved for that time but it could be saved in memory and
just not shown fully, or really saved in a file (this could give
johnny the ability to be restarted without loss of information). I
think if you have a lot of lines during 3 minutes then you may want to
search over them all. It may be more appropriate to not show lines
that are older than an hour (or any other time span). It depends on user
needs so it should be customizable. Though the needs could change,
so something more flexible could be appropriate: we keep everything
(in file or memory) and show according to settings (or they could be
called filters).

> >As I wrote johnny already has it. I think it would be nice to have
> >sorting abilities and maybe additional field with time there which
> >password was cracked at. Sort would provide very flexible way to see
> >passwords. For instance sorting by cracking time descending we will
> >have newly cracked passwords appearing at the top of the table. Though
> >it seems to be a complex trick that may be inconvenient for regular
> >users.
> 
> An additional field with time is a great idea (some users, including
> me, like to have as much information as possible, you know?), and
> pushing newly cracked hashes and their plaintexts to the top is a
> good idea as well, but may lead to performance problems when loading
> a huge hashlist (in GTK, for instance, you must then update all row
> iterators which takes a lot of time, don't know how Qt handles
> this).

I like to have everything that I may wish to use; of course there
should be a mechanism to navigate easily through it all. Different
sorts and filters could help to navigate (as complex sorting and
filtering may take long to set up, the user could want to have multiple
simultaneous views with different sorts or filters). I could not
predict speed. But I guess that the fastest implementation should be
built on top of an existing database engine (for instance sqlite, which is
supported by qt and does not need any installation from the user). There
is QSqlTableModel (and QSqlRelationalTableModel) that could be used as
a model for the tableview. Then we should have a view in the db that represents
the original table with the needed filters and sorts (something like "create
view ViewName as select * from TableName where <filters> order by
<sorting preferences>" where TableName is the name of the table with all data,
<filters> are filter expressions generated from the user's settings,
<sorting preferences> is the sorting settings, for instance it could be
"passwords" or "passwords, username"; the latter means "to sort by
passwords and sort by username if passwords are equal". I think it
could be nice to have such a sorting capability but I do not know how to
represent it in the gui. By the way the sqlite program has output to html
that could be used for export but I do not know whether qt supports
this or not; it seems not, and the easiest way to export is to write our
own full code or to use xml output). And I think QSqlTableModel will
show what we want. I think it will be easy to try it and measure
speed.

> >But if you load a
> >real file into johnny, select the john binary through settings (or you
> >have /usr/sbin/john that is the default path now, like on Debian), then
> >johnny allows you to start an attack and johnny provides a password
> >field/column that shows cracked passwords as soon as johnny captures
> >them.
> 
> Okay, thank you, it now works with passwd files. What do you think
> about a third control button which allows the user to abort the
> current session? Up to now, the user can only start, pause and quit,
> but not abort the current session.

What does abort mean? What should be done? Should it do things like
pause, quit, restart together but not losing options? Progress is
stored by john so when we restart johnny we lose only the state of the gui.
So we should add a button either to abort john's session (for what?) or
to reset the gui's state just to be able to do things like pause+restart.
I think the reverse thing could be nice: to restore the gui's state on start.

Regards,
Aleksey Cherepanov
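
The filter-and-sort query discussed in the message above, as an added example that is not part of the original post or of johnny's code. The table name `hashes`, its columns and the sample rows are assumptions; it builds a parameterized SELECT rather than a view because SQLite does not allow bound parameters inside a view, and it takes column names and operators only from fixed allow-lists so that GUI settings never reach the SQL text directly.

```python
import sqlite3

# Assumed schema: one row per loaded hash; password/cracked_at stay NULL until cracked.
COLUMNS = {"username", "hash", "password", "cracked_at"}
BINARY_OPS = {"=", "!=", "<", ">", "<=", ">=", "LIKE"}
UNARY_OPS = {"IS NULL", "IS NOT NULL"}

def build_query(filters=(), order_by=()):
    """Return (sql, params) for the hypothetical 'hashes' table.

    filters:  (column, operator, value) triples, combined with AND
    order_by: (column, 'ASC' | 'DESC') pairs, most significant key first
    """
    where, params = [], []
    for column, op, value in filters:
        if column not in COLUMNS:
            raise ValueError("unknown column: %r" % (column,))
        if op in UNARY_OPS:
            where.append("%s %s" % (column, op))
        elif op in BINARY_OPS:
            where.append("%s %s ?" % (column, op))
            params.append(value)  # the value is bound, never spliced into the SQL
        else:
            raise ValueError("unknown operator: %r" % (op,))
    order = []
    for column, direction in order_by:
        if column not in COLUMNS or direction not in ("ASC", "DESC"):
            raise ValueError("bad sort key: %r %r" % (column, direction))
        order.append("%s %s" % (column, direction))
    sql = "SELECT username, hash, password, cracked_at FROM hashes"
    if where:
        sql += " WHERE " + " AND ".join(where)
    if order:
        sql += " ORDER BY " + ", ".join(order)
    return sql, params

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hashes (username TEXT, hash TEXT,"
                 " password TEXT, cracked_at INTEGER)")
    rows = [  # constructed sample data
        ("alice", "h1", "letmein", 100),
        ("bob", "h2", None, None),
        ("carol", "h3", "letmein", 250),
        ("dave", "h4", "abc123", 180),
    ]
    conn.executemany("INSERT INTO hashes VALUES (?, ?, ?, ?)", rows)
    # Newly cracked passwords at the top of the table.
    newest = build_query([("password", "IS NOT NULL", None)], [("cracked_at", "DESC")])
    # "passwords, username": sort by password, then by username on ties.
    by_pw = build_query(order_by=[("password", "ASC"), ("username", "ASC")])
    return ([r[0] for r in conn.execute(*newest)],
            [r[0] for r in conn.execute(*by_pw)])
```
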
