john-dev - Re: Kai's weekly report #5

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20150601095936.GB29213@openwall.com>
Date: Mon, 1 Jun 2015 12:59:36 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Kai's weekly report #5

On Mon, Jun 01, 2015 at 05:37:34PM +0800, Kai Zhao wrote:
> Accomplishments:
> 1. Fuzz config (non-rules parts), includes Markov, UserClasses,
>    Mask, Regen_Salts_UserClasses and External.

And you only found issues with external mode?

> 2. Fuzz environment variables, found no bugs.
> 
> Priorities:
> 1. Figure out which coding style we want, document it, convert to it.
> 2. Figure out which C standard we want, document it, convert to it.

Does this mean you think you're done with fuzzing?

I'd expect more issues with invalid hash encodings passing valid() in
many formats in jumbo.  I think this is worth further fuzzing, perhaps
with greater specialization to the task.

Also, what has happened to Alexander Cherepanov's idea to introduce
generic and easy to use string validation functions to be called from
new/replacement implementations of valid()?

Alexander

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.