Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 30 Dec 2012 03:49:32 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: New self-test for maximum length

On 29 Dec, 2012, at 18:09 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Sat, Dec 29, 2012 at 10:23 PM, magnum <john.magnum@...hmail.com> wrote:
>> I just threw this in with devastating results:
>> 
>> commit f49d2c56531de71da2a03c0e28c8bc939cce376b
>> Author: magnum <john.magnum@...hmail.com>
>> Date:   Sat Dec 29 17:25:46 2012 +0100
>> 
>>    formats.c: Add a self-test that puts maximum length candidates in all
>>    buffer positions and then read them back to verify. This finds incorrect
>>    claims of PLAINTEXT_SIZE as well as most kinds of key buffer over-runs.
>>    It found 15 problematic formats right away.
>> 
>> I have no idea why I did not get the idea long ago. Unlike the "valid() killer" test that is only active with -DDEBUG, this one doesn't seem prone to segfault so it's always active. This is the current results on my 64-bit machine:
>> 15 out of 198 tests have FAILED
> 
> Surprisingly most of my formats passed. I got scared when I did a "git
> pull" and saw the commit message.

Unfortunately things get worse if you build with OMP. The test is more effective with more than one keys per crypt(). Not that I have seen any more of your formats yet, it segfaults on IPB so the rest are not tested with a --test=0 run.

We may have a lot to do. I'll keep focusing on OpenCL formats for now.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ