Date: Mon, 13 Jul 2015 10:57:00 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: more robustness

Hi Alexander,

> I'm not happy that you're making any changes to loader.c at all, but the
> changes are relatively small, so this may be acceptable.

Yes, I did not want to change loader.c either. Before changing
loader.c, I copied those functions into fuzz.c, changing them a little,
in the following patch.

https://github.com/loverszhaokai/JohnTheRipper/commit/f8a6f01a12e47cb9d951a7733fa0a69af1bd6204

Most of loader.c was copied into fuzz.c, so I think it would be better
to use loader.c instead of copying it. So I tried to reuse loader.c.
Fortunately, the changes are relatively small.

> OK, although this brings up the question: why were not these found by
> fuzzing earlier, prior to --fuzz option?

All the new bugs were found by the new fuzz method: insert_chars(). This
function inserts chars from -128 to 127 before each char of the hash,
duplicated 1, 10, 100, 1000, 10000 times. This method is supported by
the following patch.

https://github.com/loverszhaokai/JohnTheRipper/commit/885feb65d4cc09cdb41b3e314c6c8abc2b8734a2


Thanks,

kai
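
The mutation described in the message above, as an added example that is not part of the original e-mail and is not the code from the linked patch. The names mutation_count() and insert_chars_case() and the enumeration order are assumptions made here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Repeat counts and byte range as stated in the message. */
static const size_t REPEATS[] = { 1, 10, 100, 1000, 10000 };
#define N_REPEATS (sizeof(REPEATS) / sizeof(REPEATS[0]))
#define N_CHARS 256 /* char values -128..127 */

/* Number of distinct mutations for a hash string of length len. */
size_t mutation_count(size_t len)
{
    return len * N_CHARS * N_REPEATS;
}

/*
 * Build mutation number idx: REPEATS[r] copies of byte c inserted before
 * hash[pos]. The index-to-(pos, c, r) order is an assumption of this example.
 * Returns a malloc'd buffer and its length in *out_len (c may be 0, so the
 * result can hold embedded NULs); NULL on a bad index or allocation failure.
 */
char *insert_chars_case(const char *hash, size_t idx, size_t *out_len)
{
    size_t len = strlen(hash);
    if (len == 0 || idx >= mutation_count(len))
        return NULL;
    size_t n = REPEATS[idx % N_REPEATS];
    int c = (int)((idx / N_REPEATS) % N_CHARS) - 128;
    size_t pos = idx / (N_REPEATS * N_CHARS);
    char *out = malloc(len + n + 1);
    if (!out)
        return NULL;
    memcpy(out, hash, pos);                       /* prefix */
    memset(out + pos, c, n);                      /* inserted run */
    memcpy(out + pos + n, hash + pos, len - pos); /* rest of the hash */
    out[len + n] = '\0';
    *out_len = len + n;
    return out;
}

int main(void)
{
    const char *sample = "$fmt$0123abcd"; /* constructed, not a real hash */
    size_t total = mutation_count(strlen(sample)), n = 0;
    char *m = insert_chars_case(sample, total - 1, &n);
    printf("%zu cases, last one is %zu bytes\n", total, n);
    free(m);
    return 0;
}
```

Each case would be fed to the format's parsing code under test; the long runs (1000 and 10000 bytes) are the ones that exercise fixed-size buffers and length checks.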
