Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CABtNtWG0vbZXiE=UOdOrwawNo8JvrdX-dYzfFX2GeEYKthbHHQ@mail.gmail.com>
Date: Mon, 1 Jun 2015 18:18:34 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Kai's weekly report #5

> And you only found issues with external mode?

There is another bug belongs to Markov mode.

https://github.com/magnumripper/JohnTheRipper/issues/1357

Did not find bugs on UserClasses, Mask, Regen_Salts_UserClasses.

> Does this mean you think you're done with fuzzing?

The fuzzing target are these input sources:

-- input data for 2john tools
-- hashes
-- wordlists
-- rules
-- chr
-- config files (non-rules parts)
-- command line options
-- environment variables

All of the input sources have been fuzzed. But it's impossible that there is
an end to some of the them. Such as, command line options have nearly
infinite combinations. As the 2john tools are simple, I think the fuzzing of
2john tools is done. As other input sources, I think we can continue
fuzzing as we need.

> I'd expect more issues with invalid hash encodings passing valid() in
> many formats in jumbo.  I think this is worth further fuzzing, perhaps
> with greater specialization to the task.

Yes, although I have fuzzed hashes about two weeks, I think it is worth
keeping fuzzing since there are hundreds of hashes. I will fuzz hashes in
the following several weeks.

Thanks,

Kai

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.