Date: Thu, 18 Jun 2015 08:49:51 +0800
From: Kai Zhao <>
Subject: Re: Fuzzing Report on hashes

> Why is the speed so low? Is it due to the choice of hashes to start with, or
> are there other reasons? Which hashes did you start with?

> There is no --format option in this command line. I don't see much sense
> in fuzzing without fixing a format but I'm not sure how much it can slow
> things down. Fuzzing distinct formats separately gives you an opportunity
> to parallelize the process easily.

It is slow because I fuzz all 220 formats (no OpenCL and no CUDA) at
the same time; namely, there are 220 formats in the input_cases folder.
And that's why there is no --format option in this command line.
Should I fuzz each format separately? There are so many formats.

> BTW have you tried to parallelize fuzzing with afl as described in
> parallel_fuzzing.txt?

Yes, I tried. It does help a lot. I did not use parallelization since I run
several afl instances at the same time to fuzz different parts of john. It would be
better to use parallelization when there is only one afl instance; otherwise it will be
> Do you know why it's so slow?

Because it runs with asan and fuzzes 220 formats at the same time. The fastest
speed with asan is about 100~130 exec/sec. Since there are 220 formats,
it will be slower than the fastest speed.

> Anyway I don't think we should fuzz with asan unless we get a hint that
> it's worth it. One of nice things about afl is that it generates a good
> of samples. Hence, generate a corpus without asan, then run it with asan
> and/or under valgrind.
> And we should save the generated corpus.

Fuzzing with asan is slow, but we have found many bugs with asan.
What's the corpus? Is it the files in "out/crashes/"?

> AIUI afl should easily find the same bugs. Probably we are doing
> something wrong. I'll look into it in more detail a bit later.

Yes, many of the bugs found by afl are the same.
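
The workflow suggested in the quoted text above (generate a corpus without asan, then run it with asan), as an added example that is not part of the original message or of john's own code: a replay function that runs each saved test case through an ASan-instrumented build and keeps the inputs that kill it with a signal. It assumes the target takes the input file as its last argument; the paths and binary name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: replay an afl-generated corpus through an ASan build.
# afl-fuzz stores the test cases it generated under <out_dir>/queue.
#
# usage: replay_corpus CORPUS_DIR FLAGGED_DIR CMD [ARGS...]
# Assumption: CMD takes the input file path as its last argument.
# Prints the number of inputs that made CMD die from a signal.
replay_corpus() {
    corpus=$1
    flagged=$2
    shift 2
    mkdir -p "$flagged" || return 2
    n=0
    for f in "$corpus"/*; do
        [ -f "$f" ] || continue
        status=0
        # abort_on_error=1 makes ASan end the process with SIGABRT, so a
        # report is distinguishable from an ordinary non-zero exit.
        ASAN_OPTIONS=abort_on_error=1 "$@" "$f" \
            >"$flagged/.last.log" 2>&1 </dev/null || status=$?
        # The shell reports death by signal as an exit status above 128.
        if [ "$status" -gt 128 ]; then
            base=$(basename "$f")
            cp "$f" "$flagged/$base"
            mv "$flagged/.last.log" "$flagged/$base.log"
            n=$((n + 1))
        fi
    done
    rm -f "$flagged/.last.log"
    echo "$n"
}

# Hypothetical invocation (paths and format name are placeholders):
#   replay_corpus out/queue asan_hits ./john-asan --format=FORMAT
if [ "$#" -ge 3 ]; then
    replay_corpus "$@"
fi
```

Each flagged input is stored next to a `.log` file holding the target's output for that run, so the ASan report stays with the test case that triggered it.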


