Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 17 Apr 2015 14:25:03 +0300
From: Aleksey Cherepanov <>
Subject: Re: Improving Johnny


On Mon, Apr 13, 2015 at 02:23:16AM +0300, Aleksey Cherepanov wrote:
> On Fri, Apr 10, 2015 at 04:53:42PM -0400, Mathieu Laprise wrote:
> > Hello everyone,
> > I am a 3rd year software engineering student from Polytechique Montréal.
> > Solar told me about enhancing the Johnny project this summer as part of
> > GSOC. It really picked my interest for two main reasons.
> > 
> > 1- I am passionated about security and I want to do a master degree in that
> > field.
> > 2- I love working with the QT framework and C++. I worked with them at
> > school and I have done a 4 months 40 hours/week internship last summer in
> > QT at Adacel (a company in the aviation field). I really enjoyed this
> > internship and it gave me a lot of hands-on experience with QT.
> Nice.
> There is a line in Johnny:
>   temp << QString("%1:%2::%3\n").arg(user).arg(hash).arg(hash);
> Do you see any problems with it? If there is a problem then
> - provide an example of input to trigger the problem.
> - How would you fix it?
> - Does the fix work with your example?
> - Push the fix into a separate branch in your public repo please.

I was going to give that as a small starting task for you. Though
you've picked the translation. It is ok. Nevertheless I'd like to get
an answer to "Do you see any problems with it?" because it may help us
to understand your experience with qt and security together. Though
you may need to read johnny's code related to the line to give answer.


Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.