Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 1 Jun 2015 12:59:36 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Kai's weekly report #5

On Mon, Jun 01, 2015 at 05:37:34PM +0800, Kai Zhao wrote:
> Accomplishments:
> 1. Fuzz config (non-rules parts), includes Markov, UserClasses,
>    Mask, Regen_Salts_UserClasses and External.

And you only found issues with external mode?

> 2. Fuzz environment variables, found no bugs.
> 
> Priorities:
> 1. Figure out which coding style we want, document it, convert to it.
> 2. Figure out which C standard we want, document it, convert to it.

Does this mean you think you're done with fuzzing?

I'd expect more issues with invalid hash encodings passing valid() in
many formats in jumbo.  I think this is worth further fuzzing, perhaps
with greater specialization to the task.

Also, what has happened to Alexander Cherepanov's idea to introduce
generic and easy to use string validation functions to be called from
new/replacement implementations of valid()?

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ