Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 17 Apr 2015 02:46:08 +0300
From: Alexander Cherepanov <>
Subject: Re: Advice on proposal: John the Ripper jumbo robustness

On 2015-03-27 03:50, Kai Zhao wrote:
>> I think it's better explain what do you think about and why custom fuzzer
>> will be better
> I explained at my proposal, and I think it would be better to explain it
> here too.

Sorry I've not replied earlier.

> Why we need custom fuzzer?
> ----------------------------------------
> Because AFL can not fuzz command-line options and environment variables.
> Currently we fuzz sinlge input data, and I think we can fuzz more than one
> kind of input data at the same time(e.g., fuzz hashes and command-line at
> the same time)

I think this can be dealt with relatively easy, without creating 
something complex and definitely without creating a separate fuzzer.

The nice thing about afl is that it's very advanced due to being 
feedback-driven. It would be a pity to throw this away. If afl cannot 
readily fuzz some kind of input data it's usually not that difficult to 
make the tested program compatible with afl by modifying it to read its 
input data from a file. Another possibility is to modify afl to supply 
input via, e.g., a environment variable.

A custom fuzzer could be useful when it's easy to write one and there 
are many issues with the code. After most easy issues are found, I think 
it's better to switch to afl than to try implement something advanced.

> Why implement custom fuzzer in the first timeline?
> -------------------------------------------------------------------
> Since fuzzing takes a lot of time, so I think I should implement custom
> fuzzer first. Thus, we will have enough time to fuzz and improve the custom
> fuzzer

Your initial proposal implied creation of detailed description of each 
kind of hashes. This is problematic -- it requires a lot of hand work. 
Describing a hash for fuzzing is not much easier than writing a valid() 
for it. If you are spending time diving into the details of the hash 
structure then you can just write valid() for it as well.

Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.