Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABtNtWFdyT-8C4YUoip-uZ6Hf9sQ8c9J72EtTBQEBSOpyUWYhg@mail.gmail.com>
Date: Wed, 25 Mar 2015 22:52:13 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Ideas for the robustness gsoc task

Below is the current ideas for the robustness gsoc task. Is it right?
Note: I changed "- fuzz chr files"  ->  "- fuzz those listed sources of
input data"


Fixing input data handling
~~~~~~~~~~~~~~~~~~~~~~~

- List sources of input data and classify its trustworthiness (discuss in
john-dev).
  Preliminary, from untrusted to less untrusted:

-- input data for 2john tools
-- hashes
-- wordlists
-- rules
-- chr
-- config files (non-rules parts)
-- command line options
-- environment variables

- Review and revamp valid(), salt() etc. in all(?) formats:

- Review wordlist loading and rules application

- Review handling of other input data

- Review other parts of the code

- fuzz those listed sources of input data

- (Dynamic analysis and Fuzzing) Build for different platforms: at least
32-bit, ideally big-endian

- Test with increased LINE_BUFFER_SIZE


Thanks

Kai

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.