Date: Tue, 7 Aug 2012 00:33:52 +0200 From: Frank Dittrich <frank_dittrich@...mail.com> To: john-dev@...ts.openwall.com Subject: Re: Aleksey's daily status report #1 On 08/06/2012 09:38 PM, Aleksey Cherepanov wrote: > Done > > - writeup > - tried sessions but failed Is this what you described in your "how to handle sessions" mail? > - format list > - reduced list to only supported by core john > - made field editable so user could enter anything OK, this is what Solar asked for. Would parsing john's usage output and generating the value list upon start be much harder to do? IMO, it would be more reliable. E.g., john versions prior to 1.7.9 didn't have trip. But if Solar wants it this way, I am OK with it. In most cases, auto detection should work, so that will be fine. > I hope these two actions are enough now. For the format, I think this is currently enough. Restoring an attack that had been started and paused is also a must-have, but may be you want to address this when working on sessions. I noticed you added a warning when there is no PathToJohn= line in the config file. Could you apply the same logic (searching for john in PATH) if the line reads: PathToJohn= (This happens if the user clears the input field and then saves.) May be allow this even without a warning during start, and just silently search for john at start? Or require an input, but warn if the PathToJohn=value doesn't refer to an executable file (or to a symlink pointing to an executable file?. OTOH, a user can also enter a bogus value. E.g., entering /home/fd/git/johnny/johnny also resulted in funny behavior when I tried "start attack" > To do > > - sessions Even if we allow attacks with different session names, I think in the first version we shouldn't support starting multiple sessions in parallel. The user has to pause (interrupt) a currently running attack, before he can start or restore another attack. Otherwise mixed output, different password files, different formats will currently be too difficult to handle. Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.