Date: Fri, 05 Jun 2015 19:57:11 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

On 06/05/2015 03:16 PM, Solar Designer wrote:
> On Fri, Jun 05, 2015 at 01:58:50PM +0300, Solar Designer wrote:
>> Also, this one:
>>
>> $pomelo$$23$hash runner 2015$8333ad83e46e425872c5545741d6da105cd31ad58926e437d32247e59b26703e
>>
>> consumed many gigabytes of RAM and was still growing:
>>
>> solar    29203 99.7 50.7 67167428 67116292 pts/15 RN 14:52   3:33 ./john --nolog --encoding=raw --stdin --session=/dev/shm/fuzz/s-117 --format=pomelo /dev/shm/fuzz/pw-117
>>
>> It's sort of expected that we don't currently have any hard memory usage
>> limits in john itself, but we may want to revisit this discussion.
> 
> BTW, in the above case it's probably a bug - notice "$$" in the hash
> encoding.  So probably it's improper processing of a missing number.

POMELO also has some endianness problems, see
https://github.com/magnumripper/JohnTheRipper/issues/1345

We hoped that the Q&D implementation would at some point get replaced by
Agnieszka's implementation. That's why nobody bothered to spend much
time trying to fix bugs in an implementation which will not last.

Frank
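
An added example, not part of the original message or of John the Ripper's code: a strict field check that rejects an encoding with a missing number (the "$$" case quoted above) and caps the cost values before anything is allocated. The layout `$pomelo$<t_cost>$<m_cost>$<salt>$<hex>`, the `MAX_COST` ceiling, the '$'-free salt and both function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy ceiling for a cost field; not taken from the POMELO spec. */
#define MAX_COST 16UL

/* Parse one '$'-terminated decimal field at *p (hypothetical helper).
 * Rejects empty fields, signs and leading whitespace, all of which
 * strtoul() alone would accept, and values above MAX_COST.
 * On success stores the value and advances *p past the '$'. */
static int parse_cost(const char **p, unsigned long *out)
{
    const char *s = *p;
    char *end;

    if (!isdigit((unsigned char)*s))
        return -1;
    *out = strtoul(s, &end, 10);       /* overflow yields ULONG_MAX, caught below */
    if (*end != '$' || *out > MAX_COST)
        return -1;
    *p = end + 1;
    return 0;
}

/* Returns 0 if s matches the assumed layout
 * $pomelo$<t_cost>$<m_cost>$<salt>$<hex>, -1 otherwise.
 * Assumes the salt itself contains no '$'. */
int pomelo_fields_valid(const char *s, unsigned long *t_cost,
                        unsigned long *m_cost)
{
    static const char tag[] = "$pomelo$";
    const char *hash;

    if (strncmp(s, tag, sizeof(tag) - 1) != 0)
        return -1;
    s += sizeof(tag) - 1;
    if (parse_cost(&s, t_cost) || parse_cost(&s, m_cost))
        return -1;
    hash = strchr(s, '$');             /* separator between salt and hash */
    if (hash == NULL || hash[1] == '\0')
        return -1;
    for (hash++; *hash; hash++)        /* hash part must be hex only */
        if (!isxdigit((unsigned char)*hash))
            return -1;
    return 0;
}
```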
