Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 165 KB, 263x494, scr.png [View same] [iqdb] [saucenao] [google] [report]
72095359 No.72095359 [Reply] [Original] [archived.moe] [rbt]

Hey guys. Im writing a End to end encrypted chat system in C. ive got a library to handle encryption using AES256, got that working.
I got a library for hashing passwords into keys, Keccak-based. I also got a library supposed to perform the key exchange via diffie-hellman.
No i got it working, sort of.
The last Byte seems to be different with the two keys, being 0 in one and the other one being an actual key value (as its supposed to be).

pic related. (last byte)

Anyone worked with this yet?
https://github.com/kokke/tiny-ECDH-c

Thanks guys!

>> No.72095627

I figured it out, im an idiot.
key was correct, i was printing invalid memory.

printf("%2hhX %s", pubb[i-1], i % 8 ? "" : "\n");
instead of
printf("%2hhX %s", pubb, i % 8 ? "" : "\n");

>> No.72095654

nobody cares

>> No.72095674

Nice work.

>> No.72095734

>>72095627
You can't even print a public key without buffer overrun. I hope this is just a personal project that no one is intended to ever use.

>> No.72095903

>>72095734
lol. bet that hasnt ever happened to you, the god amongst men.
What an idiot

>> No.72096560

>>72095359
>Hey guys. Im writing a End to end encrypted chat system in C.
not this shit again, fucking hell

>> No.72096669

When will Cniles learn? Just use Rust

>> No.72096805
File: 98 KB, 800x737, e4fdd39d70249102228bb1fa1a17801f2a42b9a3f4d266a6c04e9be3b74223fb.jpg [View same] [iqdb] [saucenao] [google] [report]
72096805

>>72095627
Congratulations anon.

>> No.72096808
File: 440 KB, 645x1260, it's over.png [View same] [iqdb] [saucenao] [google] [report]
72096808

>>72095359
>encrypted chat system
>in C

One post later:
>i was printing invalid memory

Encryption is hard to get right, C is hard to get right (as you just saw), combine the two and you're in for a nightmare.

Just save yourself the trouble, crypto is one of the those things that you shouldn't reinvent, not even for the educational value, because even if you do, you should consider it trivially easy to crack and unsafe, until you actually determine how hard it is to crack. A more productive use of your time would be learning infosec and cryptanalysis.

>> No.72096855

>>72096808
why not combine everything?
I wrote a diffie-hellman implementation couple months ago, then asked myself how this could be broken and wrote one brute-force script and a full exploit..
learned a lot during that project

>> No.72097446

-fsanitize=address -fsanitize=undefined
thank me by killing yourself

>> No.72097564

>>72095627
I've never seen anyone using the hh length specifier before.
>For integer types, causes printf to expect an int-sized integer argument which was promoted from a char.
Sounds like it should have no effect.

>> No.72097638

>>72096855
I think it's best if you're trying to find flaws in someone else's code, because you're naturally biased towards your own (you're more lenient, familiarity leads to a false sense of security...).
Also there's the added bonus of seeing the same problem from another point of view, you might pick up a creative approach you didn't think of while looking at someone else's code.

"Not even for the educational value" was a bit of a hyperbole, what I meant is practical implementations of algorithms are short and based on complicated mathematics. Unless you also know all that theory, you're basically copying and pasting a bunch of lines of code, or translating pseudocode into the language of choice, without understanding what purpose they serve. You're simply not learning as much as you could with your time that way. Trying to break something that you already know and understand well is more productive than poking around a black box.

>> No.72097659

>>72095903
>bet that hasnt ever happened to you
It happens to literally everyone. That's why nobody writes sensitive systems in C anymore. It's fucking garbage and this bullshit pops up everywhere.

>> No.72097907

>>72095359
Can I put your work in my portfolio CV?Askin for a friend

>> No.72097944

>>72097638
totally agree with you
what I did ultimately gave me a better understanding of how to write more secure code and find my own flaws, which is what I wanted as well as to learn a couple other things on the side
the only way someones own encryption can go right is if the algorithm is public and has been tested by many people through many iterations before being used
It's something that must not only be well understood but also well implemented and that is very difficult to do
but starting somewhere and doing something just for the heck of it is always better than doing nothing, especially if it's fun

>> No.72099805
File: 113 KB, 1280x720, 1488977378371.jpg [View same] [iqdb] [saucenao] [google] [report]
72099805

>>72097659
Are there ways to mitigate C's shittiness that don't completely cripple its performance, while also making it more reliable?
Speaking of sensitive systems, is Ada just a meme (I've read a bunch of software written for spacecrafts used it), or is it actually viable for sensitive tasks in general?

>>72097944
>but starting somewhere and doing something just for the heck of it is always better than doing nothing, especially if it's fun
That''s the spirit!

>> No.72100325

>>72097659
> That's why nobody writes sensitive systems in C anymore. It's fucking garbage and this bullshit pops up everywhere.
Military hardware and avionics would disagree with you. It's mostly C or a variant of C

>> No.72100787

>>72096808
>I'm afraid of making a mistake. That's why I have low test, and lock my fem penis in a cage.

>> No.72101078
File: 59 KB, 960x882, 555 come on now.jpg [View same] [iqdb] [saucenao] [google] [report]
72101078

>>72100787
>I literally can't stop thinking about cocks
>I don't give a shit about security of any kind, that's how I got AIDS

>> No.72101562

>>72101078
lol what a faggot

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
Captcha
Action