[aur-general] password cracker program in AUR
Hi, While browsing AUR4 orphaned pacakges, i noticed cudahashcat with description "Worlds fastest password cracker with dictionary mutation engine" . There are atleast 2 more packages from the same upstream, http://hashcat.net/oclhashcat/ . I realise it and can be useful for people that forgot their own password, there are many illegal/immoral uses for it. Should we allow such programs in AUR ? LVV
On Fri, 19 Jun 2015 00:27:14 +0200 LoneVVolf <lonewolf@xs4all.nl> wrote:
I realise it and can be useful for people that forgot their own password, there are many illegal/immoral uses for it.
It's useful not just for forgotten passwords, but for penetration/security testing as well as theoretical purposes.
Should we allow such programs in AUR ?
We most definitely should; such software is not illegal and has plenty of legitimate use; further, similar software already is present in [community]. -- Patrick Burroughs (Celti) <celti@celti.name>
On Thu, 18 Jun 2015 15:38:29 -0700, Patrick Burroughs (Celti) wrote:
On Fri, 19 Jun 2015 00:27:14 +0200 LoneVVolf <lonewolf@xs4all.nl> wrote:
I realise it and can be useful for people that forgot their own password, there are many illegal/immoral uses for it.
It's useful not just for forgotten passwords, but for penetration/security testing as well as theoretical purposes.
Should we allow such programs in AUR ?
We most definitely should; such software is not illegal and has plenty of legitimate use; further, similar software already is present in [community].
+1 I don't need it and don't have it installed, but I agree that it can be useful. If somebody wants to misuse software, then a MUA, resp. a sendmail program likely could cause more evil, then a password cracker. So, should we forbid sendmail programs? How many times a day does somebody successfully crack our passwords? How many spam mails do we receive each day?
As one of the maintainers of one of the hashcat packages, I am a firm believer that such programs should be allowed. They are not illegal, have plenty of legal and moral use cases and are widely available elsewhere (why put a non-universal constraint on a single set of programs with virtually no gain?). -- All the best, -Sam
On Thu, 18 Jun 2015 18:20:48 -0500 Sam Stuewe <halosghost@archlinux.info> wrote:
As one of the maintainers of one of the hashcat packages, I am a firm believer that such programs should be allowed. They are not illegal, have plenty of legal and moral use cases and are widely available elsewhere (why put a non-universal constraint on a single set of programs with virtually no gain?).
I fully agree, such tools are useful in a lot of cases, with the argumentation that it can be misused compilers are also in a bad position, they create harmful executables from plain text files. No seriously, in case there are laws in your jurisdiction that forbid such tools don't install them. I don't work in the security business, but john, nmap and aircrack were extremely useful to convince people from previous generations to use stronger passwords and changing the kind of WLAN encryption. Also: I'm the guy currently maintaining john in [community]. (Yes it's ood and there is a jumbo for 1.80, but it runs stable on older x86_64 CPUs. Feel free to send me an updated PKGBUILD and I check it on my systems.)
Should we allow such programs in AUR ? You're mistaking a tool for its uses. I have some packages on the AUR
Em 18-06-2015 19:27, LoneVVolf escreveu: that could also help protect criminals. Should I also remove these packages from AUR? Let's ban criptography, because it also protect criminals. See where your reasoning is flawed? Cheers, Giancarlo Razzolini
Let me just reiterate not to install such tools unless you know whether in your local jurisdiction they are not somehow banned and whether you should care about taking such risks. cheers! mar77i
I'd like to drop a note that john is in [community], and nobody has an issue with that Thanks -- Four word witty remark
On 19-06-15 03:36, Giancarlo Razzolini wrote:
Should we allow such programs in AUR ? You're mistaking a tool for its uses. I have some packages on the AUR
Em 18-06-2015 19:27, LoneVVolf escreveu: that could also help protect criminals. Should I also remove these packages from AUR? Let's ban criptography, because it also protect criminals. See where your reasoning is flawed?
Cheers, Giancarlo Razzolini For clarity :
PERSONALLY i have no problem with this program, and completely disagree with laws that forbid tools like this. I wasn't clear about archlinux / AUR policy in this regard, and could find nothing relevant in wiki. This thread was started to find out the feelings of other archers about this. I guess next time i ask a question on aur-general i need to add a disclaimer. LVV
PERSONALLY i have no problem with this program, and completely disagree with laws that forbid tools like this.
Ah okay, that addresses the assumption I (and I'm sure others) have made -- Four word witty remark
Em 19-06-2015 08:43, LoneVVolf escreveu:
On 19-06-15 03:36, Giancarlo Razzolini wrote:
Should we allow such programs in AUR ? You're mistaking a tool for its uses. I have some packages on the AUR
Em 18-06-2015 19:27, LoneVVolf escreveu: that could also help protect criminals. Should I also remove these packages from AUR? Let's ban criptography, because it also protect criminals. See where your reasoning is flawed?
Cheers, Giancarlo Razzolini For clarity :
PERSONALLY i have no problem with this program, and completely disagree with laws that forbid tools like this. I wasn't clear about archlinux / AUR policy in this regard, and could find nothing relevant in wiki. This thread was started to find out the feelings of other archers about this.
I guess next time i ask a question on aur-general i need to add a disclaimer.
LVV I understood you the first time. But if you tought this a little bit longer, you wouldn't need to ask, don't you think?
Cheers, Giancarlo Razzolini
participants (8)
-
David Phillips
-
Giancarlo Razzolini
-
LoneVVolf
-
Martti Kühne
-
Patrick Burroughs
-
Ralf Mardorf
-
Sam Stuewe
-
Thorsten Töpper