Date: Mon, 21 May 2012 15:53:18 +0400 From: Aleksey Cherepanov <aleksey.4erepanov@...il.com> To: john-dev@...ts.openwall.com Subject: Re: file synchronization backend for MJohn On Sun, May 20, 2012 at 08:13:36PM -0400, Rich Rumble wrote: > On Sun, May 20, 2012 at 6:16 PM, Aleksey Cherepanov > <aleksey.4erepanov@...il.com> wrote: > >> Supporting "after action" reports is a definite plus. > > > > We could use git only on the server just to make history (not using it > > for file transfers). > I skimmed the thread, but my 2cents are, clients copy the hashes to > the server, keep individual (pot)files named by some arbitrary/unique > ID, perhaps timestamped file names with an unique id. Cat/sort/unique > or diff them into Latest.pot at some arbitrary interval. During the > uniq/diff process you can create stats like client-x produced 100 > passwords in the last 5 minutes, Client-y did not report in this > interval. This could also be a git/svn process, but each machine is > keeping some "latest-master" pot file maintained, perhaps in folders > named after each client/thread or what ever splits up the work (same > client might do a wordlist and a incremental mode in other threads). > Or again just go for simple, and "logrotate" older files > out(compressed) after stats and the "latest-master.pot" have been > created/updated. As simple as possible, but not simpler :) I'd start > with SCP and Cron, just to flesh it out. This seems to be a way too. So if tricks with git turn out too complex I'd probably do something similar. Though I'd not use cat/sort/unique, more likely I'd keep order as is to be able to request changes by line numbers: client got .pot file and remembers number of lines in it, after some cracks he copies lines from .pot after this number - it is newly cracked passwords, he sends that part of file to server and requests lines from server's .pot after remembered number of lines - it is passwords cracked by other clients (it is roughly, as is there could be losses). I should note that it is not important to receive cracked passwords from server as soon as possible because their use needs restart of john that should not be frequent. I guess it even possible to download full .pot when it is needed (at start of attack). Though if it will be worth we could add to john an ability to pull in newly cracked passwords without restart. Will it be worth? Regards, Aleksey Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.