[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150605131803.GA18457@openwall.com>
Date: Fri, 5 Jun 2015 16:18:03 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer
On Fri, Jun 05, 2015 at 04:04:37PM +0300, Solar Designer wrote:
> This is surprising:
>
> $ cat /dev/shm/fuzz/pot*
> $openssl$0$0$8$3059edc2a0521011$bf11609a01e78ec3f50f0cc483e636f9$1$0:wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong
> $openssl$0$0$8$305cedc2a0521911$bf11609a01e78ec3f50f0cc483e636f9$1$0:wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong password wrong
>
> What's this? False positives? Did I possibly overrun into a "cracked"
> variable? (Dhiru likes those so much.) Kai, you should run fuzz.pl
> against an asan-enabled build - this will probably catch many more issues.
I think we should enhance fuzz.pl to detect producing non-empty pot as
an error in john, and record the sample. It isn't hard to "cat pot*",
but it is easy to forget to do that.
Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
