Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Jul 2015 20:52:28 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: more robustness

Hi Alexander,

> I'd have the fuzzing work from the test vectors, not an external file -
> although supporting this as an option would be fine.  It isn't
> immediately clear to me from your code whether the external file is
> required or optional.  The syntax here implies it's optional:
>
> +       puts("--fuzz[=DICTFILE]         fuzz formats' perpare(), valid()
> and split()");
>
> BTW, you have a typo here: s/perpare/prepare/

Yes, the DICTFILE is optional. It is a dictionary file which contains
strings that will be inserted before each chars of the hashes.
The fuzzing really work from the test vectors and the DICTFILE is just
a fuzzing method.

> Is the only remaining use for the Perl script to split the workload
> across multiple processes?  If so, why does it accept a format name as
> an argument?  I think the splitting only works by format, thus only when
> fuzzing multiple formats at once.  The way it currently is, it makes no
> sense to me.

No. Another reason is that JtR will exit if it finds bug with --fuzz. So it
will at most find one bug one time. The fuzz_option.pl will run the
command "./john --fuzz --format=$fname" with all the formats. The
Perl script can find all the bugs of all the formats.

Thanks,

Kai

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.