Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 13 Jul 2015 18:00:15 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Kai's weekly report #11

Hello,

Accomplishments:

1. Improve --fuzz option.

http://www.openwall.com/lists/john-dev/2015/07/05/7

1.1 Add --fuzz-dump to support reproduce.
1.2 Reuse loader.c to test more methods, such as salt(), set_key(),
    and binary().
1.3 Create a new file fuzz.c and fuzz.h for --fuzz.
1.4 Add copyright and license to fuzz.[ch] and fuzz_option.pl.
1.5 Fuzz JtR with --fuzz option and found 9 bugs.

https://github.com/magnumripper/JohnTheRipper/issues/1545 ~ 1548
https://github.com/magnumripper/JohnTheRipper/issues/1550 ~ 1553 (with asan)

There is a bug which pwfile's size is too large which is 690MB, and now
I am trying to reduce the size. Later, I will open issue for this bug.


Priorities:

1. Improve --fuzz option.

http://www.openwall.com/lists/john-dev/2015/07/05/7

1.1 Follow Alexander Cherepanov's advice.
   Use mmap() to make it more efficient for read dictionary file.
   Use str* functions instead of mem* functions.
   Coding style problems.
1.2 Merge the --fuzz option into bleeding-jumbo.

2. Identify improperly set or missing FMT_* flags.

http://www.openwall.com/lists/john-dev/2015/07/12/4

3. Improve --test-full option.

3.1 Support dynamic and all the formats.
3.2 Handle formats which allows false positives.
3.3 Combine self-test and benchmark.

4. Test and discuss the coding style for john core.
5. Figure out which C standard we want, document it, convert to it.


Best regards,

Kai

[ CONTENT OF TYPE text/html SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ