Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Mar 2015 17:44:14 +0100
From: Lukas Odzioba <lukas.odzioba@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Any advice on how to fuzz john jumbo by AFL

2015-03-07 14:22 GMT+01:00 Kai Zhao <loverszhao@...il.com>:
> Maybe you have some good advice on how to fuzz john. Thank you.

To improve efficency I'd try disabling self_test in code.
Also we could split fuzzing into two phases: all before crypt_all
(split prepare...), and everything with self test disabled this would
also increase efficency and again requires some changes in source code
- i.e just return 0 instead of doing crypt_all.

Some bugs might occur only when there are many hashes to crack - it's
something to have in mind.
Another approach is to look at the test cases and for each format
write a script that generates less or more similar inputs (like making
salts or hashes longer, or add invalid characters to the hash - such
hash should be rejected by valid function if not then you have a bug
that will never be caught by looking for crashes).

Lukas

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.