Date: Sat, 6 Jun 2015 10:58:58 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

On Fri, Jun 05, 2015 at 08:13:28PM +0200, Frank Dittrich wrote:
> Alexander Cherepanov also posted a john format fuzzer some time ago
> which uncovered tons of bugs:
> http://article.gmane.org/gmane.comp.security.openwall.john.devel/8105

Yes, I knew that. I didn't recall that he also had a script called fuzz.pl, though. I would have named mine differently then.

> It needs some adjustments:
> -it is no longer necessary to search the source code for hashes, this
> can be replaced with ./john --list=format-tests | cut -f 3

This is already implemented in my fuzz.pl.

> -some hashes use additional delimiters between components of hashes,
> e.g., '#' instead of just '$' and '*'.

Good point! We need to add more overstrike characters to my fuzz.pl. Right now, it uses '9' and '$'.

> and may be
> -don't run each format against all the fuzzed format tests of all
> formats (at least not as long as you find bugs by just fuzzing the
> format specific hashes

This is also already implemented in my fuzz.pl. It keeps track of not only test vectors, but also the corresponding format names.

Alexander
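
The overstrike mutation discussed in this thread, as an added Python example (it is not fuzz.pl or Alexander Cherepanov's script): each test hash gets one character at a time replaced by an overstrike character, and the mutants stay grouped under the format they came from. The tab-separated layout with the format name in field 1, the sample rows, and all function names are assumptions made for illustration; the thread only confirms that field 3 of `./john --list=format-tests` is the hash.

```python
# Added example, not fuzz.pl. Overstrike-style mutation of hash test vectors,
# kept per format so each format is only fed mutants of its own hashes.

OVERSTRIKE = "9$"      # characters the thread says are currently used
EXTRA_DELIMS = "#*"    # delimiters the thread proposes adding

# Constructed sample rows (hypothetical formats, not real john output).
# Assumed layout: format <TAB> index <TAB> hash <TAB> plaintext
SAMPLE = (
    "fmt-a\t0\t$fmta$1000$abcd\tpassword\n"
    "fmt-b\t0\tuser#0123*ff\tsecret\n"
)

def parse_tests(text):
    """Yield (format_name, hash) pairs, skipping rows without a hash field."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) >= 3 and fields[2]:
            yield fields[0], fields[2]

def overstrike(hash_str, chars):
    """Yield every variant with exactly one position replaced by one char."""
    for i, old in enumerate(hash_str):
        for c in chars:
            if c != old:  # replacing a char with itself is not a mutation
                yield hash_str[:i] + c + hash_str[i + 1:]

def build_cases(text, chars=OVERSTRIKE + EXTRA_DELIMS):
    """Map format name -> ordered, de-duplicated list of mutated hashes."""
    cases = {}
    for fmt, h in parse_tests(text):
        bucket = cases.setdefault(fmt, {})
        for mutant in overstrike(h, chars):
            bucket[mutant] = None  # dict keys keep order and drop duplicates
    return {fmt: list(bucket) for fmt, bucket in cases.items()}

if __name__ == "__main__":
    for fmt, mutants in build_cases(SAMPLE).items():
        print(fmt, len(mutants), "mutants, e.g.", mutants[0])
```

Overstriking a delimiter position with a different delimiter keeps the hash length unchanged while shifting where a parser thinks one field ends, which is why the choice of overstrike characters matters for formats that split on '#' or '*'.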