Date: Mon, 25 May 2015 05:55:50 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Fuzzing Report on wordlist, rules, chr

Kai,

On Mon, May 25, 2015 at 09:57:50AM +0800, Kai Zhao wrote:
> 3. Fuzz chr
[...]
> Command:
> afl-fuzz -t 1500+ -m none -i input_cases/ -o out -f fuzz.chr ../john ppww
> --nolog --skip-self-test --format=md5crypt --incremental=Lanman
> --config=local.conf --max-run-time=1

You could have increased the coverage of this test a little bit by using a faster hash type, such as dummy, raw-md4, NT, or LM (indeed, your "ppww" file should contain a hash of that type). It would then proceed much further in incremental mode during the same 1 second running time.

> Speed: about 1~10/sec (without asan), 0.9/sec (with asan).
> Run time: more than two days
> Unique crashes: 0

To test your fuzzing methodology, can you please try applying it to JtR 1.7 release? IIRC, I made the .chr file parser more robust between 1.7 and 220.127.116.11, so you should probably be able to trigger crashes on 1.7:

http://download.openwall.net/pub/projects/john/1.7/

You may see the history of changes around this time (early 2006) here:

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/john/john/src/inc.c

There's no --max-run-time option in JtR 1.7 (and some other options you're using are also missing), so you'll need to introduce another way for terminating JtR - e.g., set CharCount low and use a fast hash type (LM is the fastest supported in 1.7).

Thanks,

Alexander
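As an added example that is not part of this thread or of the John the Ripper project, the harness below packages the 1.7 experiment Alexander describes: a fast LM-format target, an [Incremental:LanMan] section with a tiny CharCount standing in for the missing --max-run-time, and the afl-fuzz invocation. It assumes a 1.7 john built with afl-gcc in $JOHN17_DIR that reads john.conf from its own directory, and uses a constructed 32-hex value as the target hash; those names and values are mine, not the page's.

```shell
#!/bin/sh
# Added example; not from this thread or the John the Ripper project.
# Harness for the "fuzz .chr files against JtR 1.7" test suggested above.
# Assumptions not on the page: a 1.7 "john" built with afl-gcc lives in
# $JOHN17_DIR, afl-fuzz is on PATH, and that build reads john.conf from
# its own directory (the default non-systemwide layout).
set -eu

# Constructed 32-hex "LM hash" that no tiny charset will crack. A crackable
# target would land in john.pot after the first run, and every later run
# would exit before opening the .chr file, silently hollowing out the test.
DUMMY_LM="0123456789ABCDEF0123456789ABCDEF"

write_target() {            # $1 = hash file; LM is the fastest format in 1.7
    printf 'fuzztarget:%s\n' "$DUMMY_LM" > "$1"
}

# Stand-in for --max-run-time, which 1.7 lacks: a LanMan section that reads
# afl's mutated file and keeps CharCount/MaxLen tiny, so each run ends after
# a handful of candidates; afl's own -t catches anything that still hangs.
lanman_section() {          # $1 = path afl rewrites before every execution
    printf '[Incremental:LanMan]\nFile = %s\nMinLen = 0\nMaxLen = 2\nCharCount = 4\n' "$1"
}

# Replace the [Incremental:LanMan] section of a john.conf with ours, keeping
# a backup and leaving every other section untouched.
patch_conf() {              # $1 = john.conf path, $2 = .chr path for the section
    cp "$1" "$1.orig"
    awk '/^\[/ { skip = ($0 == "[Incremental:LanMan]") } !skip' "$1" > "$1.tmp"
    lanman_section "$2" >> "$1.tmp"
    mv "$1.tmp" "$1"
}

make_seeds() {              # $1 = john dir, $2 = seed dir: the stock .chr files are the seeds
    mkdir -p "$2" && cp "$1"/*.chr "$2"/
}

fuzz_cmd() {                # $1 = john dir, $2 = seed dir, $3 = out dir, $4 = hash file
    printf 'afl-fuzz -t 1500+ -m none -i %s -o %s -f fuzz.chr -- %s/john --incremental=LanMan --format=LM %s' \
        "$2" "$3" "$1" "$4"
}

if [ -n "${JOHN17_DIR:-}" ] && command -v afl-fuzz >/dev/null 2>&1; then
    write_target ppww
    patch_conf "$JOHN17_DIR/john.conf" ./fuzz.chr
    make_seeds "$JOHN17_DIR" input_cases
    eval "$(fuzz_cmd "$JOHN17_DIR" input_cases out ppww)"
fi
```

Run it from an empty working directory so afl's fuzz.chr and the File = ./fuzz.chr path in the patched config refer to the same file.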