Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 27 Mar 2015 01:40:44 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Advice on proposal: John the Ripper jumbo robustness

On 2015-03-17 18:43, Kai Zhao wrote:
> Hi there, below is the link of my proposal on the project: John the Ripper
> jumbo robustness
> improvements
>
> http://www.google-melange.com/gsoc/proposal/public/google/gsoc2015/zhaokai/5629499534213120

[skip]

> I would appreciate it if you can give me some advice on this proposal.

I've take a look at your updated proposal. Here are some thoughts:

-  I don't think that "Test with increased LINE_BUFFER_SIZE" is worth to 
be a separate item -- just always fuzz with increased LINE_BUFFER_SIZE 
(unless it degrades performance);

- perhaps add General cleaning and hardening builds instead;

- fuzzing in the first item of your timeline is with AFL? If so it's 
better to mention it (as opposed to custom fuzzer);

- if put a custom fuzzer after AFL and propose to spend a lot of time on 
it I think it's better explain what do you think about and why custom 
fuzzer will be better. The idea was to switch from the existing custom 
fuzzer to AFL. It could very well be that a more advanced custom fuzzer 
will be much better but this idea will benefit from some explanation;

- maybe adjust dates to better match gsoc timeline (e.g. "29 August" in 
your proposal vs. "28 August" in [1]);

- probably mention that the project will benefit from availability of 
GPUs (improving the robustness of GPU formats).

[1] https://www.google-melange.com/gsoc/events/google/gsoc2015

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.