Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 May 2015 17:43:56 +0300
From: Solar Designer <>
Subject: Re: Session names somename.[0-9]+ shouldn't be allowed

On Thu, May 07, 2015 at 10:32:47AM -0400, Mathieu Laprise wrote:
> I don't know if this has been already said by Aleksey, I didn't follow
> closely this discussion. Sorry if it's a duplicate. I just want to warn
> that current magnum/master seems to have side effects on all version of
> Johnny which is probably related to this thread. The way Johnny open a new
> password file is this :
> C:/Users/Mathieu/Desktop/JohnCompile/JohnTheRipper/run/john.exe
> --session=C:/Users/Mathieu/.john/johnny/default
> C:/Users/Mathieu/Desktop/password.txt
> And output is :
> Invalid session name: must not contain a dot

Ouch, I didn't realize people were passing pathnames to --session.  This
was never supposed to work, but it just happened to.  I think it's a bug
in Johnny, and should be fixed there.

But there may be more to it.  I realize it may be unclean to have the
session files go to the current directory.  Maybe $JOHN should be used
as the directory to store .rec and .log files into even with explicit
session names?

What do others think?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.