Date: Sun, 12 Jul 2015 19:46:48 +0800 From: Kai Zhao <loverszhao@...il.com> To: john-dev@...ts.openwall.com Subject: Re: more robustness Hi Alexander, > And I'd test further format methods as well, perhaps those the loader > would use. So don't proceed to crypt_all(), but do test everything > leading up to it. To mimic the real cracking process, I tried to change the loader.c to reuse for fuzzing. The last three commits reuse loader.c for fuzzing. https://github.com/loverszhaokai/JohnTheRipper/commit/c4a3fc5c177d5a4181ca5cb3d2b72de95ab8818e https://github.com/loverszhaokai/JohnTheRipper/commit/6300f5fae0713e740169250877a67ab9380ce71a https://github.com/loverszhaokai/JohnTheRipper/commit/f8a6f01a12e47cb9d951a7733fa0a69af1bd6204 After reuse loader.c::ldr_load_pw_line(), --fuzz now fuzz those functions: prepare(), valid(), init(), split(), binary(), salt(), salt_hash(). However, there are some functions in crack.c before crypt_all(), such as set_salt(), clear_keys(), set_key(). **Should I fuzz these functions ? ** There are 4 bugs found by the latest --fuzz. https://github.com/loverszhaokai/JohnTheRipper/tree/fuzz_option Bugs are below: https://github.com/magnumripper/JohnTheRipper/issues/1548 https://github.com/magnumripper/JohnTheRipper/issues/1547 https://github.com/magnumripper/JohnTheRipper/issues/1546 https://github.com/magnumripper/JohnTheRipper/issues/1545 Thanks, Kai Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.