Date: Sun, 7 Jun 2015 12:32:47 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

On Fri, Jun 05, 2015 at 04:18:03PM +0300, Solar Designer wrote:
> On Fri, Jun 05, 2015 at 04:04:37PM +0300, Solar Designer wrote:
> > This is surprising:
> > 
> > $ cat /dev/shm/fuzz/pot*
> > $openssl$0$0$8$3059edc2a0521011$bf11609a01e78ec3f50f0cc483e636f9$1$0:wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong
> > $openssl$0$0$8$305cedc2a0521911$bf11609a01e78ec3f50f0cc483e636f9$1$0:wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong
> > 
> > What's this?  False positives?  Did I possibly overrun into a "cracked"
> > variable?  (Dhiru likes those so much.)  Kai, you should run fuzz.pl
> > against an asan-enabled build - this will probably catch many more issues.
> 
> I think we should enhance fuzz.pl to detect producing non-empty pot as
> an error in john, and record the sample.  It isn't hard to "cat pot*",
> but it is easy to forget to do that.

... and I just noticed that my early fuzz.pl runs, still with on-disk
john.pot, resulted in this line getting added:

scrypt$Cj0PzdtT3qS2$41$8$1$64$qn4CDnM8CcIBNrpQXHo6ti8vSUoSXj7GBFy7k1bp5wPs8jKjh/gHZ+qM9uk6LbcVHm02yBaI5WCbDm/Shq/MXA==:wrong password 1

This is based on a test vector from django_scrypt_fmt_plug.c, which had
"14" in place of "41".  Apparently, this format produces false positives
on failed memory allocation.

I think we should merge the django-scrypt and scrypt formats into one,
and update it to use my newer yescrypt code.

Alexander
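
The check proposed in the message above (treat a non-empty pot after a fuzzing run as an error and record the sample), sketched as an added example that is not part of the original message or of fuzz.pl. The function name, the `finding-N` layout and the idea that the current mutated input sits in a single sample file are assumptions; only the `pot*` naming comes from the `cat pot*` command in the thread.

```shell
#!/bin/sh
# Added example, not code from fuzz.pl or john.
# Assumptions: the fuzzing loop writes the current mutated input to one
# sample file, and john's pot files are named pot* inside POT_DIR.
#
# check_pots POT_DIR SAMPLE_FILE FINDINGS_DIR
#   returns 0 if every pot file is empty (expected: fuzzed hashes plus
#             wrong passwords must never produce a crack),
#   returns 1 if any pot file had content; the sample and the pot lines
#             are saved under FINDINGS_DIR/finding-N and the pot is
#             truncated so the next iteration starts clean,
#   returns 2 if the finding could not be recorded.
check_pots() {
    pot_dir=$1
    sample=$2
    findings=$3
    found=0
    for pot in "$pot_dir"/pot*; do
        # -s is false for missing files (unmatched glob) and empty files
        [ -s "$pot" ] || continue
        if [ "$found" -eq 0 ]; then
            mkdir -p "$findings" || return 2
            # pick the first unused finding-N directory
            n=1
            while [ -e "$findings/finding-$n" ]; do
                n=$((n + 1))
            done
            dest="$findings/finding-$n"
            mkdir "$dest" || return 2
            cp "$sample" "$dest/sample" || return 2
            found=1
        fi
        # keep the unexpected "cracked" lines next to the input that caused them
        cat "$pot" >> "$dest/pot" || return 2
        : > "$pot"
    done
    return "$found"
}
```

Called once per fuzzing iteration, right after john exits, this removes the need to remember to inspect the pot files by hand.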
