Date: Fri, 14 Sep 2012 13:21:26 +0400
From: Aleksey Cherepanov <>
Subject: Re: Static analysis of John using Coverity

On Fri, Sep 14, 2012 at 03:14:41AM +0400, Solar Designer wrote:
> On Thu, Sep 13, 2012 at 03:44:48PM -0400, Robert B. Harris wrote:
> > What do you think about taking advantage of the free (since we are Open source) static analysis of John using Coverity software?  This software seems to have a pretty good reputation.  It appears that Alex, or someone he designates, would submit the source code to their website below, and they would generate a report that could be viewed by, again, the people Alex designates.
> Personally, I don't need this at this time, except maybe to get a feel
> of Coverity's current capabilities for its possible other uses.  Maybe
> we should run it on other/smaller Openwall programs, where, unlike in
> JtR, it is more obvious what constitutes untrusted input.  BTW, for JtR
> it could be nice to specify this in some documentation file - after we
> decide on it, of course.

I think all input files (.rec/wordlist/whatever) should be considered
untrusted because MJohn will allow users to exchange these files (it
is not the only case of getting files from an untrusted place, but this
one covers all files).

Aleksey Cherepanov
