Date: Sat, 7 Mar 2015 17:44:14 +0100 From: Lukas Odzioba <lukas.odzioba@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Any advice on how to fuzz john jumbo by AFL 2015-03-07 14:22 GMT+01:00 Kai Zhao <loverszhao@...il.com>: > Maybe you have some good advice on how to fuzz john. Thank you. To improve efficency I'd try disabling self_test in code. Also we could split fuzzing into two phases: all before crypt_all (split prepare...), and everything with self test disabled this would also increase efficency and again requires some changes in source code - i.e just return 0 instead of doing crypt_all. Some bugs might occur only when there are many hashes to crack - it's something to have in mind. Another approach is to look at the test cases and for each format write a script that generates less or more similar inputs (like making salts or hashes longer, or add invalid characters to the hash - such hash should be rejected by valid function if not then you have a bug that will never be caught by looking for crashes). Lukas
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.