Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 6 Jun 2015 11:22:15 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

On Sat, Jun 06, 2015 at 04:04:14PM +0800, Kai Zhao wrote:
> ./john --skip-self-tests --nolog --encoding=raw --stdin --session=$session
> --pot=$pot --format=$f $pwfile
> 
> I guess the $session file is just an empty file.

It's a session name that is unique to this fuzz.pl child process.
Without this option, all of the john processes would use the default
session name, meaning they'd use john.rec for their crash recovery
filename.  They would then clash on trying to flock() that one shared
file, so most would refuse to run and the fuzzing would be vastly
incomplete.  Also, I am actually passing a pathname to a file (to be
created by john) under /dev/shm/fuzz.  Placing those files in there, as
opposed to having them on the current on-disk filesystem, speeds things
up (and prolongs lifetime of the disks), assuming that /dev/shm is a
tmpfs mount.

BTW, your question shows that you still lack JtR usage experience, as a
user.  You could want to familiarize yourself with JtR usage some more.

> I will test OpenCL and CUDA.

Thanks.  When testing OpenCL, I recommend that you pass a --dev option
to choose a device other than an AMD GPU.  Have it use CPUs or an NVIDIA
GPU instead.  The AMD driver is very fragile - it is too easy to crash
the system if you fuzz john when it uses an AMD GPU (you'd sort of end
up stress-testing the AMD driver, possibly more than you'd fuzz john).
For example, on super you need to avoid --dev=0 and --dev=1 (which are
AMD GPUs).  You may use --dev=2 or --dev=3 (CPUs) or --dev=5 (NVIDIA).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.