Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 7 Jun 2015 17:47:14 +0300
From: Solar Designer <>
Subject: Re: Fuzzing Report on hashes


Thank you for posting this!

On Sun, Jun 07, 2015 at 10:32:20PM +0800, Kai Zhao wrote:
> The script mutates hashes based on the test cases in the source
> code. There are 4 methods in to mutate hashes.

... and more should be added, in particular replacing chars not only
with '9' and '$', but also with '*' and '#' as suggested by Frank
(trivial to add).  And detection of false positives should be added.

> I have analyzed the samples from Solar's fuzzing. There are 8 bugs.
> I have submitted these bugs to jumbo.

I've skimmed over the GitHub issues you created.  These mostly look
right to me (although I would have used more descriptive names for some
of them).

There's, however, a major omission: you didn't create any issues for the
false positives.  This is probably two issues:

You could want to revise your fuzzing to detect false positives too.
Both with and afl.


These two division by zero possibilities for r=0 and p=0 are both
already fixed in the current yescrypt code.  We just need to update.

> There are 20 bugs found by afl. I have submitted them to jumbo.
> to

Isn't this 21 issues?

1412-1392+1 = 21

> command_line   : afl-fuzz -m none -i input_cases/ -o out/ ../../john @@
> --nolog --skip-self-test

You could want to enhance this with --session and --pot pointing to
files on a tmpfs mount, and run multiple processes at a time (I don't
know how this is done with afl; you should know) with different session
files for each concurrent child process.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ