Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 13 Jul 2015 18:00:15 +0800
From: Kai Zhao <>
Subject: Kai's weekly report #11



1. Improve --fuzz option.

1.1 Add --fuzz-dump to support reproduce.
1.2 Reuse loader.c to test more methods, such as salt(), set_key(),
    and binary().
1.3 Create a new file fuzz.c and fuzz.h for --fuzz.
1.4 Add copyright and license to fuzz.[ch] and
1.5 Fuzz JtR with --fuzz option and found 9 bugs. ~ 1548 ~ 1553 (with asan)

There is a bug which pwfile's size is too large which is 690MB, and now
I am trying to reduce the size. Later, I will open issue for this bug.


1. Improve --fuzz option.

1.1 Follow Alexander Cherepanov's advice.
   Use mmap() to make it more efficient for read dictionary file.
   Use str* functions instead of mem* functions.
   Coding style problems.
1.2 Merge the --fuzz option into bleeding-jumbo.

2. Identify improperly set or missing FMT_* flags.

3. Improve --test-full option.

3.1 Support dynamic and all the formats.
3.2 Handle formats which allows false positives.
3.3 Combine self-test and benchmark.

4. Test and discuss the coding style for john core.
5. Figure out which C standard we want, document it, convert to it.

Best regards,


Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ