Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 6 Jun 2015 10:54:02 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

Hi Kai,

On Sat, Jun 06, 2015 at 02:21:02PM +0800, Kai Zhao wrote:
> 44: open(TESTS, './john --list=format-tests --format=cpu |') || die;

Please upgrade to the newer version of fuzz.pl that I posted.  It has
'| shuf |' on this line, along with some changes elsewhere:

http://www.openwall.com/lists/john-dev/2015/06/05/16

> Why with "--format=cpu" ?

Because of this bug:

http://www.openwall.com/lists/john-dev/2015/06/05/4

as well as just to focus on CPU formats for now, leaving the OpenCL and
CUDA stuff for you to fuzz (you'll need to modify the script, perhaps to
read the format names and test vectors from a text file).

> command1: ./john --list=format-tests --format=cpu
> command2: ./john --list=format-tests
> 
> The output of command1 and command2 are the same.

Yes, which means that you built without OpenCL and CUDA support, like
you should have for now (for faster startup).  However, you'll need to
also make and fuzz a build with OpenCL and CUDA, actually focusing on
-opencl and -cuda formats, in a separate directory.  For -cuda, you'll
need to run this on a machine with at least an NVIDIA GPU.  For -opencl,
there's no such requirement, because OpenCL may also target CPU (but you
do need an OpenCL SDK installed).

I think that so far -opencl and -cuda formats have mostly escaped our
fuzzing, because we were excluding them for simplicity.  Yet they may
contain buggy valid() and such just like the CPU formats often do.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.