Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 May 2015 05:55:50 +0300
From: Solar Designer <>
Subject: Re: Fuzzing Report on wordlist, rules, chr


On Mon, May 25, 2015 at 09:57:50AM +0800, Kai Zhao wrote:
> 3. Fuzz chr
> Command:
> afl-fuzz -t 1500+ -m none -i input_cases/ -o out -f fuzz.chr ../john ppww
> --nolog --skip-self-test --format=md5crypt --incremental=Lanman
> --config=local.conf --max-run-time=1

You could have increased the coverage of this test a little bit by using
a faster hash type, such as dummy, raw-md4, NT, or LM (indeed, your
"ppww" file should contain a hash of that type).  It would then proceed
much further in incremental mode during the same 1 second running time.

> Speed: about 1~10/sec (without asan), 0.9/sec (with asan).
> Run time: more than two days
> Unique crashes: 0

To test your fuzzing methodology, can you please try applying it to JtR
1.7 release?  IIRC, I made the .chr file parser more robust between 1.7
and, so you should probably be able to trigger crashes on 1.7:

You may see the history of changes around this time (early 2006) here:

There's no --max-run-time option in JtR 1.7 (and some other options
you're using are also missing), so you'll need to introduce another way
for terminating JtR - e.g., set CharCount low and use a fast hash type
(LM is the fastest supported in 1.7).



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.