Date: Thu, 18 Jun 2015 08:49:51 +0800 From: Kai Zhao <loverszhao@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Fuzzing Report on hashes > Why the speed is so low? Due to the choice of hashes to start with or > there are other reasons? Which hashes did you start with? > There is no --format option in this command line. I don't see much sense > in fuzzing without fixing a format but I'm not sure how much it can slow > things down. Fuzzing distinct formats separately gives you an opportunity > to parallelize the process easily. Slow is because I fuzz the all 220 formats(no OpenCL and no CUDA) at the same time, namely there are 220 formats in the input_cases folder. And that's why no --format option in this command line. Should I fuzz each formats separately ? There are so many formats. > BTW have you tried to parallelize fuzzing with afl as described in > parallel_fuzzing.txt? Yes, I tried. It does help a lot. I did not use the parallelize since I run several afl at the same time to fuzz different parts of john. It would be better to use parallelize when there is only one afl, otherwise it will be slow. > Do you know why it's so slow? Because it is with asan and fuzz 220 formats at the same time. The fastest speed with asan is about 100~130 exec/sec. Since there are 220 formats, so it will slow than the fastest speed. > Anyway I don't think we should fuzz with asan unless we get a hint that > it's worth it. One of nice things about afl is that it generates a good corpus > of samples. Hence, generate a corpus without asan, then run it with asan > and/or under valgrind. > And we should save the generated corpus. Fuzz with asan is slow but we have found many bugs with asan. What's the corpus? Are they the files in "out/crashes/" ? > AIUI afl should easily find the same bugs. Probably we are doing > something wrong. I'll look into it in more details a bit later. Yes, many of the bugs found by afl are the same. Thanks, Kai Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.