Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 7 Jun 2015 17:47:14 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Fuzzing Report on hashes

Kai,

Thank you for posting this!

On Sun, Jun 07, 2015 at 10:32:20PM +0800, Kai Zhao wrote:
> The fuzz.pl script mutates hashes based on the test cases in the source
> code. There are 4 methods in fuzz.pl to mutate hashes.

... and more should be added, in particular replacing chars not only
with '9' and '$', but also with '*' and '#' as suggested by Frank
(trivial to add).  And detection of false positives should be added.

> I have analyzed the samples from Solar's fuzzing. There are 8 bugs.
> I have submitted these bugs to jumbo.

I've skimmed over the GitHub issues you created.  These mostly look
right to me (although I would have used more descriptive names for some
of them).

There's, however, a major omission: you didn't create any issues for the
false positives.  This is probably two issues:

http://www.openwall.com/lists/john-dev/2015/06/07/2

You could want to revise your fuzzing to detect false positives too.
Both with fuzz.pl and afl.

> https://github.com/magnumripper/JohnTheRipper/issues/1384
> https://github.com/magnumripper/JohnTheRipper/issues/1385

These two division by zero possibilities for r=0 and p=0 are both
already fixed in the current yescrypt code.  We just need to update.

> There are 20 bugs found by afl. I have submitted them to jumbo.
> 
> https://github.com/magnumripper/JohnTheRipper/issues/1392
> to
> https://github.com/magnumripper/JohnTheRipper/issues/1412

Isn't this 21 issues?

1412-1392+1 = 21

> command_line   : afl-fuzz -m none -i input_cases/ -o out/ ../../john @@
> --nolog --skip-self-test

You could want to enhance this with --session and --pot pointing to
files on a tmpfs mount, and run multiple processes at a time (I don't
know how this is done with afl; you should know) with different session
files for each concurrent child process.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ