Taylor Hornby defuse

defuse / sidechannel_encode.php
Last active Aug 29, 2015
Proposal for side-channel safe encoding.
<?php
// THIS CODE IS EXPERIMENTAL. DO NOT USE IT.
// ALSO NOTE THERE IS NO ERROR CHECKING!
function side_channel_safe_encode($binary_string)
{
// We only use 5 bits from every byte, so for 256 bits we need 52 bytes.
$random = mcrypt_create_iv(52, MCRYPT_DEV_URANDOM);
$printable_blind_key = '';
defuse / hex.php
Last active Aug 29, 2015
Side channel safe hex encoding?
<?php
// WARNING: THIS IS EXPERIMENTAL CODE. DO NOT USE IT.
// --- binary to hex encoding ---
function sc_bin2hex($binary)
{
$encoded = '';
for ($i = 0; $i < strlen($binary); $i++) {
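Both sidechannel_encode.php and hex.php are cut off above, so the approach they take is not visible on this page. As an added example that is not defuse's code, the following C shows what a side-channel-safe hex codec looks like: every output character is derived from its input nibble with arithmetic and masks only, so there is no table indexed by secret data and no branch whose direction depends on the bytes being encoded, which is the property both gists are after. The decoder classifies every character with masks, always processes the whole string, and only reports an invalid character at the end, so its timing does not reveal where a bad character sits. The names `ct_in_range`, `ct_bin2hex`, `ct_hex_val` and `ct_hex2bin` are this example's own, and the key bytes in `main` are a constructed sample.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if lo <= x <= hi, else 0, without branching on x.
 * Requires x, lo, hi < 2^31 so that a subtraction can only wrap
 * (set bit 31) when x lies outside the range. */
static uint32_t ct_in_range(uint32_t x, uint32_t lo, uint32_t hi)
{
    return 1u - (((x - lo) | (hi - x)) >> 31);
}

/* Encode len bytes of src as 2*len lowercase hex characters plus a NUL.
 * Nibble n becomes '0'+n, or 'a'+(n-10) when n >= 10; the choice is made by
 * a mask ((n + 6) >> 4 is 1 exactly when n >= 10), not by a branch or table. */
void ct_bin2hex(char *dst, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        uint32_t hi = src[i] >> 4;
        uint32_t lo = src[i] & 0x0f;
        uint32_t hi_mask = 0u - ((hi + 6) >> 4);   /* all-ones iff hi >= 10 */
        uint32_t lo_mask = 0u - ((lo + 6) >> 4);
        dst[2 * i]     = (char)('0' + hi + (hi_mask & ('a' - '0' - 10)));
        dst[2 * i + 1] = (char)('0' + lo + (lo_mask & ('a' - '0' - 10)));
    }
    dst[2 * len] = '\0';
}

/* Value of one hex character (either case) computed with masks only.
 * For a character in none of the three ranges the value is 0 and *bad is set. */
static uint32_t ct_hex_val(uint32_t c, uint32_t *bad)
{
    uint32_t is_digit = ct_in_range(c, '0', '9');
    uint32_t is_lower = ct_in_range(c, 'a', 'f');
    uint32_t is_upper = ct_in_range(c, 'A', 'F');
    *bad |= 1u - (is_digit | is_lower | is_upper);   /* ranges are disjoint */
    return ((0u - is_digit) & (c - '0'))
         | ((0u - is_lower) & (c - 'a' + 10))
         | ((0u - is_upper) & (c - 'A' + 10));
}

/* Decode 2*len hex characters into len bytes. Every character is processed
 * regardless of validity; returns 0 on success, -1 if any character was bad. */
int ct_hex2bin(uint8_t *dst, const char *src, size_t len)
{
    uint32_t bad = 0;
    for (size_t j = 0; j < len; j++) {
        uint32_t hi = ct_hex_val((uint8_t)src[2 * j], &bad);
        uint32_t lo = ct_hex_val((uint8_t)src[2 * j + 1], &bad);
        dst[j] = (uint8_t)((hi << 4) | lo);
    }
    return -(int)bad;   /* bad is 0 or 1 */
}

int main(void)
{
    const uint8_t key[4] = { 0x00, 0x1f, 0xab, 0xff };   /* constructed sample */
    char hex[9];
    uint8_t back[4];

    ct_bin2hex(hex, key, sizeof key);
    printf("%s\n", hex);
    if (ct_hex2bin(back, hex, sizeof back) == 0 && memcmp(back, key, sizeof key) == 0)
        printf("round trip ok\n");
    return 0;
}
```

The compiler is not obliged to keep this branch-free; before relying on it for key material, inspect the generated assembly for conditional jumps and for secret-dependent loads, and re-check after every compiler upgrade.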
defuse / bcrypt-h.txt
Last active Aug 29, 2015
BCRYPT-H proof
Sketch of a security proof for BCRYPT(H(X)). This probably contains errors.
UPDATE: Only assume BCRYPT is collision resistant for X <= 72.
Define the BCRYPT-H(S, X) algorithm as follows:
UPDATE: Gah... the whole 'byte' thing isn't necessary at all. I originally
intended to pass *either* the actual X (with a zero byte prefix) or H(X) with
a 0x01 byte prefix, to bcrypt. I forgot to do that, and instead always passed
the hash with the byte prefix based on the length. The proof is still valid,

Keybase proof

I hereby claim:

  • I am defuse on github.
  • I am defuse (https://keybase.io/defuse) on keybase.
  • I have a public key whose fingerprint is BFAE 45EB D356 1D91 E3E2 56C2 DFA8 209C E967 8D5D

To claim this, I am signing this object:

defuse / multitarget.rb
Created Mar 13, 2014
Multi-target guessing probability.
# This script answers the following question:
# Alice chooses N random numbers between 1 and K.
# Bob chooses G random numbers between 1 and K.
# What is the probability that at least one number is chosen by both of them?
# The probability that no number is shared is (K-N choose G) / (K choose G);
# it is computed in O(N)-ish time, and the answer is 1 minus that.
k = 1_000_000_000
n = 10_000
g = 100_000
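The Ruby above stops before the computation itself. As an added example in C (not the gist's code), here is the O(N) evaluation the comment describes: the binomial ratio telescopes to a product of N factors, (K-N choose G) / (K choose G) = prod_{i=0}^{N-1} (K-G-i) / (K-i), and because the same quantity also equals (K-G choose N) / (K choose N), the loop can run over the smaller of N and G. The names `prob_no_overlap` and `prob_overlap` are this example's own; the parameters in `main` are the gist's.

```c
#include <stdio.h>

/* Probability that none of Alice's n numbers is among Bob's g numbers,
 * all drawn without replacement from {1..k}:
 *   C(k-n, g) / C(k, g) = prod_{i=0}^{n-1} (k-g-i) / (k-i)
 *                       = C(k-g, n) / C(k, n)   (symmetric in n and g)
 * Evaluated as a running product over min(n, g) factors. Returns 0 when
 * n + g > k, since an overlap is then forced by the pigeonhole principle. */
double prob_no_overlap(unsigned long long k, unsigned long long n, unsigned long long g)
{
    if (n + g > k)
        return 0.0;
    /* Use the symmetry so the loop runs over the smaller count. */
    unsigned long long steps = n < g ? n : g;
    unsigned long long other = n < g ? g : n;
    double p = 1.0;
    for (unsigned long long i = 0; i < steps; i++)
        p *= (double)(k - other - i) / (double)(k - i);
    return p;
}

/* Probability that at least one number is chosen by both Alice and Bob. */
double prob_overlap(unsigned long long k, unsigned long long n, unsigned long long g)
{
    return 1.0 - prob_no_overlap(k, n, g);
}

int main(void)
{
    /* The gist's parameters: a space of 10^9, 10,000 targets, 100,000 guesses. */
    printf("%.6f\n", prob_overlap(1000000000ULL, 10000ULL, 100000ULL));
    return 0;
}
```

For the gist's parameters the product is close to exp(-N*G/K) = exp(-1), so the attacker who guesses 100,000 times against 10,000 targets succeeds with probability about 0.632: multi-target guessing is roughly N times easier than guessing one target, which is the point of salting. If the product can get below the double range (N*G/K in the hundreds), accumulate logarithms instead of multiplying.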
defuse / paypal_process.rb
Created Mar 15, 2014
Paypal Download.csv processor
# WARNING! There is no warranty. This script might not work!
FILE = "Download.csv"
rows = []
File.open( FILE ) do |f|
rows = f.readlines()
end
rows = rows[1..-1]
defuse / algorithm.txt
Last active Aug 29, 2015
Random Characters to Random Bits
Goal:
You're given a sequence of random alphanumeric characters (0-9a-zA-Z, 62
possible characters), for example from a password generator. Convert it into
a sequence of random *bits*.
The output should have the property:
The alphanumeric character RNG can be distinguished from random if and
only if the alphanumeric character RNG, with the conversion algorithm
attached, can be distinguished from random.
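The gist's own algorithm is cut off above, so the following is not it. As an added example in C, it shows one standard way to turn uniform characters from a 62-symbol alphabet into uniform bits without rejecting any character: since 62 = 32 + 16 + 8 + 4 + 2, each character index in 0..61 falls into exactly one of five power-of-two ranges, and its offset within that range is emitted as 5, 4, 3, 2 or 1 bits. Whenever the characters are uniform and independent, each emitted group is uniform over its width, so the output bits are uniform. The mapping is not lossless (on average it yields about 4.16 bits per character, against the 5.95 bits a character carries, because the group boundaries are not recoverable from the bits), so this example does not claim to establish the "if and only if" property stated above. The names `alnum_index`, `bitsink`, `push_bits` and `chars_to_bits` are this example's own; the strings in `main` are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Index of an alphanumeric character in the order 0-9a-zA-Z (0..61), or -1. */
int alnum_index(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'z') return 10 + (c - 'a');
    if (c >= 'A' && c <= 'Z') return 36 + (c - 'A');
    return -1;
}

/* Output bit buffer, filled MSB-first. */
typedef struct {
    uint8_t *buf;    /* output bytes, zeroed before use */
    size_t   cap;    /* capacity of buf in bytes */
    size_t   nbits;  /* bits written so far */
} bitsink;

/* Append the low nbits of value, most significant bit first. -1 on overflow. */
static int push_bits(bitsink *s, unsigned value, unsigned nbits)
{
    for (unsigned b = nbits; b-- > 0; ) {
        if (s->nbits >= 8 * s->cap)
            return -1;
        if ((value >> b) & 1u)
            s->buf[s->nbits / 8] |= (uint8_t)(0x80u >> (s->nbits % 8));
        s->nbits++;
    }
    return 0;
}

/* Convert a NUL-terminated alphanumeric string to bits.
 * Ranges: [0,32) -> 5 bits, [32,48) -> 4, [48,56) -> 3, [56,60) -> 2, [60,62) -> 1.
 * Each range has power-of-two size, so a uniform index yields a uniform offset.
 * Returns the number of bits written, or -1 on a bad character or overflow. */
long chars_to_bits(const char *chars, uint8_t *out, size_t out_cap)
{
    static const unsigned widths[5] = { 5, 4, 3, 2, 1 };
    bitsink s = { out, out_cap, 0 };
    memset(out, 0, out_cap);
    for (const char *p = chars; *p; p++) {
        int v = alnum_index(*p);
        if (v < 0)
            return -1;
        unsigned base = 0;
        for (size_t r = 0; r < 5; r++) {
            unsigned size = 1u << widths[r];
            if ((unsigned)v < base + size) {
                if (push_bits(&s, (unsigned)v - base, widths[r]) != 0)
                    return -1;
                break;
            }
            base += size;
        }
    }
    return (long)s.nbits;
}

int main(void)
{
    uint8_t out[8];
    long n = chars_to_bits("Zz", out, sizeof out);   /* constructed input */
    printf("%ld bits, first byte 0x%02x\n", n, out[0]);
    return 0;
}
```

Note that this version branches on the character values; it illustrates the statistical mapping, not a constant-time implementation. If the characters are a secret (a password), the range selection would need the same mask techniques as the constant-time encoders elsewhere in this list.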
defuse / stats.txt
Created Apr 2, 2014
Statistical Test
WARNING: This takes about 10-20 hours to run, depending on your system.
1%...
2%...
3%...
4%...
5%...
6%...
7%...
8%...
9%...
defuse / constant.c
Last active Aug 29, 2015
Constant Time Array Lookup?
// WARNING! This code is untested and experimental. DO NOT USE IT.
// NOTE: If I knew of a way to do the "shift and OR" thing reliably with unsigned ints, the code could be simplified a lot.
// Will always be compiled with -std=c99
#include <stdint.h>
// Returns UINT32_MAX if a == b, 0 otherwise.
uint32_t invariant_time_integer_compare(uint32_t a, uint32_t b)
{
/* z will be zero if and only if a == b. */
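constant.c is cut off before the body of invariant_time_integer_compare. As an added example that is not the gist's code, here is one way to finish that function using only unsigned operations, which makes the "shift and OR" folding reliable (unsigned right shifts in C are always logical, so no sign bit is smeared), together with the constant-time array lookup the gist's title asks about: every element is read on every call and the wanted one is kept by the mask, so neither the branches taken nor the addresses touched depend on the secret index. The names `ct_eq32` and `ct_lookup32` are this example's own, and the table in `main` is a constructed sample.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Returns UINT32_MAX if a == b, 0 otherwise, without branching on a or b.
 * a ^ b is zero iff a == b. The shift-and-OR steps fold every set bit of
 * that value down into bit 0, so after masking with 1 we hold 1 iff the
 * values differ; subtracting 1 turns 0 into all-ones and 1 into 0. */
uint32_t ct_eq32(uint32_t a, uint32_t b)
{
    uint32_t z = a ^ b;
    z |= z >> 16;
    z |= z >> 8;
    z |= z >> 4;
    z |= z >> 2;
    z |= z >> 1;
    z &= 1u;          /* 1 iff a != b */
    return z - 1u;    /* 0 - 1 wraps to UINT32_MAX when a == b */
}

/* Return arr[index] without a secret-dependent branch or memory access.
 * Every element is loaded, and exactly one mask is all-ones, so the work
 * done and the addresses touched are the same for every index. Out-of-range
 * indices yield 0 rather than a fault. */
uint32_t ct_lookup32(const uint32_t *arr, size_t len, size_t index)
{
    uint32_t result = 0;
    for (size_t i = 0; i < len; i++) {
        uint32_t mask = ct_eq32((uint32_t)i, (uint32_t)index);
        result |= mask & arr[i];
    }
    return result;
}

int main(void)
{
    /* Constructed sample table; imagine an S-box indexed by a key byte. */
    static const uint32_t table[8] = { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 };
    size_t secret_index = 5;
    printf("table[%zu] = 0x%02x\n", secret_index, ct_lookup32(table, 8, secret_index));
    printf("eq(7,7) = 0x%08x, eq(7,8) = 0x%08x\n", ct_eq32(7, 7), ct_eq32(7, 8));
    return 0;
}
```

Reading the whole table also evens out cache behaviour only to the extent that every call touches the same lines; for large tables the usual approach is to compare the index against each element position this way within one cache line at a time. As with any constant-time C, confirm in the generated assembly that the compiler has not turned the mask selection back into a conditional branch or a conditional move with data-dependent timing.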
defuse / infoleak.php
Created Mar 1, 2015
PHP Exception Leaks Encryption Key
<?php
// Broken crypto code from https://github.com/slimphp/Slim/blob/develop/Slim/Crypt.php
function validateKeyLength($key, $module)
{
$keySize = strlen($key);
$keySizeMin = 1;
$keySizeMax = mcrypt_enc_get_key_size($module);
$validKeySizes = mcrypt_enc_get_supported_key_sizes($module);
if ($validKeySizes) {
if (!in_array($keySize, $validKeySizes)) {