Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Jun 2015 16:18:03 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

On Fri, Jun 05, 2015 at 04:04:37PM +0300, Solar Designer wrote:
> This is surprising:
> 
> $ cat /dev/shm/fuzz/pot*
> $openssl$0$0$8$3059edc2a0521011$bf11609a01e78ec3f50f0cc483e636f9$1$0:wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong
> $openssl$0$0$8$305cedc2a0521911$bf11609a01e78ec3f50f0cc483e636f9$1$0:wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong
> 
> What's this?  False positives?  Did I possibly overrun into a "cracked"
> variable?  (Dhiru likes those so much.)  Kai, you should run fuzz.pl
> against an asan-enabled build - this will probably catch many more issues.

I think we should enhance fuzz.pl to detect producing non-empty pot as
an error in john, and record the sample.  It isn't hard to "cat pot*",
but it is easy to forget to do that.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.