Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 12 Jul 2015 19:46:48 +0800
From: Kai Zhao <>
Subject: Re: more robustness

Hi Alexander,

> And I'd test further format methods as well, perhaps those the loader
> would use.  So don't proceed to crypt_all(), but do test everything
> leading up to it.

To mimic the real cracking process, I tried to change the loader.c to reuse
for fuzzing. The last three commits reuse loader.c for fuzzing.

After reuse loader.c::ldr_load_pw_line(), --fuzz now fuzz those functions:
prepare(), valid(), init(), split(), binary(), salt(), salt_hash().
However, there
are some functions in crack.c before crypt_all(), such as set_salt(),
clear_keys(), set_key(). **Should I fuzz these functions ? **

There are 4 bugs found by the latest --fuzz.

Bugs are below:



Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.