john-dev - Re: Ideas for the robustness gsoc task

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 25 Mar 2015 11:52:46 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Ideas for the robustness gsoc task

On 2015-03-25 10:27, Kai Zhao wrote:

Your message is sent as a reply to wrong email. Please keep threading right.

>> - List sources of input data and classify its trustworthiness (discuss in
>> john-dev). Preliminary, from untrusted to less untrusted:

Add here:

-- input data for 2john tools

>> -- hashes
>> -- wordlists
>> -- rules
>> -- chr
>> -- config files (non-rules parts)
>> -- command line options
>> -- environment variables
>
> We should fuzz those files: hashes, wordlists, rules, chr, config files,
> command line options and environment variables.
>
>> - fuzz chr files
>> - (Dynamic analysis and Fuzzing) Build for different platforms: at least
> 32-bit, ideally big-endian
>
> Why only list "-fuzz chr files"?

Some other sources were already listed. But you are right, such lists in 
all places should be the same.

-- 
Alexander Cherepanov

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.