Date: Wed, 25 Mar 2015 01:07:00 +0300
From: Alexander Cherepanov <>
Subject: Ideas for the robustness gsoc task


I've tried to collect various ideas for the robustness gsoc task. Some 
of them are already tested, some probably require discussion. Comments, 

General cleaning

- Figure out which C standard we want (discuss on john-dev), document 
it, convert to it.

- Figure out which coding style we want (discuss on john-dev), document 
it, convert to it.
(character encoding for various files, indent(1) options)

- Unify function names (get_salt -> salt etc.). This makes 
grepping/refactoring easier.

- Get rid of unused global symbols (see , ).

- Get rid of unused macros (see , ).

- Look for strncmp with n==1 (see ).

- Identify embedded copies of other software.


- Hardened build

- Constification and format interface clarification (see ).

Cleaning hashes loading

- Review loader.c (see ).

- Revamp valid(), salt() etc. in all(?) formats:

-- sync cpu/opencl/cuda formats (see );

-- get rid of strtok() (because it requires making a copy of the input string);

-- get rid of atoi() and other functions exhibiting undefined behavior;

-- ...probably by switching to generic parsing functions (to be written).

Static analysis

- gcc with various options

- compile as C++ ?

- clang with various options

- Clang Static Analyzer

- cppcheck

- splint?

- ...

Dynamic analysis

- Valgrind

- AddressSanitizer

- Undefined Behavior Sanitizer

- MemorySanitizer?

- ThreadSanitizer?


- Custom fuzzer (see , ).


- fuzz 2john tools

- fuzz command-line options

- fuzz environment variables

- fuzz config files

Alexander Cherepanov
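
An added example, not part of the original message and not John the Ripper code: one possible shape for the "generic parsing functions" item under "Cleaning hashes loading", splitting fields without strtok() (no copy, input untouched) and parsing integers without atoi() (explicit range check, no overflow). The helper names `field`, `parse_uint`, `valid_example` and the `$ex$` hash format are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define HEX "0123456789abcdefABCDEF"

/* Find field idx (0-based) of s split on sep, without modifying s. */
static const char *field(const char *s, char sep, int idx, size_t *len)
{
    for (; idx > 0; idx--, s++)
        if (!(s = strchr(s, sep)))
            return NULL;            /* fewer fields than requested */
    const char *e = strchr(s, sep);
    *len = e ? (size_t)(e - s) : strlen(s);
    return s;
}

/* Parse a decimal field of known length. Rejects empty input, non-digits
 * and values above max; the bound is checked before v can overflow. */
static int parse_uint(const char *p, size_t len, unsigned max, unsigned *out)
{
    unsigned v = 0;
    for (size_t i = 0; i < len; i++) {
        if (p[i] < '0' || p[i] > '9')
            return 0;
        unsigned d = (unsigned)(p[i] - '0');
        if (d > max || v > (max - d) / 10)
            return 0;
        v = v * 10 + d;
    }
    *out = v;
    return len != 0;
}

/* valid() for a made-up "$ex$<iterations>$<salt hex>$<hash hex>" format. */
static int valid_example(const char *ct)
{
    const char *f; size_t n; unsigned iter;
    if (strncmp(ct, "$ex$", 4) != 0)
        return 0;
    ct += 4;
    if (!(f = field(ct, '$', 0, &n)) || !parse_uint(f, n, 1000000, &iter) || !iter)
        return 0;
    /* strspn stops at '$' or NUL, so == n means the whole field is hex */
    if (!(f = field(ct, '$', 1, &n)) || n == 0 || n > 32 || strspn(f, HEX) != n)
        return 0;
    if (!(f = field(ct, '$', 2, &n)) || n != 32 || strspn(f, HEX) != n)
        return 0;
    return field(ct, '$', 3, &n) == NULL;   /* no trailing extra field */
}
```

Because the helpers take a pointer and a length, the same checks can be reused by salt() and binary-decoding routines without re-tokenizing the input.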
