Date: Sun, 5 Apr 2015 13:19:19 +0300 From: Aleksey Cherepanov <aleksey.4erepanov@...il.com> To: Shinnok <admin@...nnok.com> Cc: john-dev@...ts.openwall.com Subject: Re: [RFC] Johnny further development proposal Shinnok, On Thu, Mar 26, 2015 at 05:09:21PM +0200, Shinnok wrote: > http://openwall.info/wiki/john/johnny-roadmap I have some comments: 1.2 #2: crash on exit while john is running I guess it was fixed in release branch. Though master was behind the release branch. I merged release into master. So johnny should not crash now. If it crashes please report your example. 1.3 4. Add tooltips to all UI actions that are not very self explanatory to a new comer I like the idea of context help. Though tooltips are not very attractive for me. I like the way some program showed help: there is a region of screen for help, when you navigate mouse to some element the corresponding help is shown in the region immediately (though it has drawback: you can't use mouse on other element following the help, it disappears, so the text should be designed well). I think the program was VirtualBox, though at the moment I don't see such ui element there... 1.4 #1 proper threading I've dropped code for threading, there is no explicit threading now. Threading makes things complex. I think threading that I dropped did not provide the speed because the bottleneck was adding to the grid that could not be done in thread. So I just made the adding fast enough using hash table to map hashes into lines of grids. 1.5 1. Hash type suggestion/guessing for individual hashes (which is the best way? do we have any support from JtR jumbo with that) Jumbo suggests possible other formats when the cracking is started. Though it suggest only for the whole pack (actually by the type of the first hash I think), not for the individual hashes. I think it is needed to implement separate option to show types for each hashes, probably not starting attack. 1.6 1. Manual plain-text user probing for individual ciphers(manual guessing) It should not be hard to pass words from users to john (through file or through pipe). Though showing of the result hash is the other story. Also attack against individual hash (1.8 #2) is a separate task too (and user should be warned about not salted hashes that are very cheap try all at once; maybe for not salted hashes, it should be deprecated at all). 1.7 1. Dictionary editing and generation based on interactive rule sets? More details please. 1.8 2. Ability to select/deselect individual hashes from being handled from a s It looks unfinished. I wrote some ideas in 1.6 #1. 2.0 1. Note: First stable release. BTW current release may be viewed as stable. Though it does not support jumbo. And some things from core like unshadow. 2.1 1. Post-cracking statistics regarding the frequency of passwords, characters and lengths, would be nice. Provided in a new statistics pane. There are Free and Open Source Software tools to perform analysis using cli. We may integrate some of them. Nice plan. Thanks! -- Regards, Aleksey Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.