Taylor Hornby defuse

@defuse
defuse / sidechannel_encode.php
Last active August 29, 2015 13:56
Proposal for side-channel safe encoding.
<?php
// THIS CODE IS EXPERIMENTAL. DO NOT USE IT.
// ALSO NOTE THERE IS NO ERROR CHECKING!
function side_channel_safe_encode($binary_string)
{
// We only use 5 bits from every byte, so for 256 bits we need 52 bytes.
$random = mcrypt_create_iv(52, MCRYPT_DEV_URANDOM);
$printable_blind_key = '';
@defuse
defuse / hex.php
Last active August 29, 2015 13:56
Side channel safe hex encoding?
<?php
// WARNING: THIS IS EXPERIMENTAL CODE. DO NOT USE IT.
// --- binary to hex encoding ---
function sc_bin2hex($binary)
{
$encoded = '';
for ($i = 0; $i < strlen($binary); $i++) {
@defuse
defuse / keybase.md
Created March 7, 2014 05:20
keybase.io

Keybase proof

I hereby claim:

  • I am defuse on github.
  • I am defuse (https://keybase.io/defuse) on keybase.
  • I have a public key whose fingerprint is BFAE 45EB D356 1D91 E3E2 56C2 DFA8 209C E967 8D5D

To claim this, I am signing this object:

@defuse
defuse / multitarget.rb
Created March 13, 2014 19:08
Multi-target guessing probability.
# This script answers the following question:
# Alice chooses N random numbers between 1 and K.
# Bob chooses G random numbers between 1 and K.
# What is the probability that at least one number is chosen by both of them?
# Computes (K-N choose G) / (K choose G) in O(N)-ish time.
k = 1_000_000_000
n = 10_000
g = 100_000
@defuse
defuse / paypal_process.rb
Created March 15, 2014 18:51
Paypal Download.csv processor
# WARNING! There is no warranty. This script might not work!
FILE = "Download.csv"
rows = []
File.open( FILE ) do |f|
rows = f.readlines()
end
rows = rows[1..-1]
@defuse
defuse / algorithm.txt
Last active August 29, 2015 13:57
Random Characters to Random Bits
Goal:
You're given a sequence of random alphanumeric characters (0-9a-zA-Z, 62
possible characters), for example from a password generator. Convert it into
a sequence of random *bits*.
The output should have the property:
The alphanumeric character RNG can be distinguished from random if and
only if the alphanumeric character RNG, with the conversion algorithm
attached, can be distinguished from random.
@defuse
defuse / stats.txt
Created April 2, 2014 15:43
Statistical Test
WARNING: This takes about 10-20 hours to run, depending on your system.
1%...
2%...
3%...
4%...
5%...
6%...
7%...
8%...
9%...
@defuse
defuse / constant.c
Last active August 29, 2015 14:00
Constant Time Array Lookup?
// WARNING! This code is untested and experimental. DO NOT USE IT.
// NOTE: If I knew of a way to do the "shift and OR" thing reliably with unsigned ints, the code could be simplified a lot.
// Will always be compiled with -std=c99
// Returns UINT32_MAX if a == b, 0 otherwise.
uint32_t invariant_time_integer_compare(uint32_t a, uint32_t b)
{
/* z will be zero if and only if a == b. */
@defuse
defuse / infoleak.php
Created March 1, 2015 21:31
PHP Exception Leaks Encryption Key
<?php
// Broken crypto code from https://github.com/slimphp/Slim/blob/develop/Slim/Crypt.php
function validateKeyLength($key, $module)
{
$keySize = strlen($key);
$keySizeMin = 1;
$keySizeMax = mcrypt_enc_get_key_size($module);
$validKeySizes = mcrypt_enc_get_supported_key_sizes($module);
if ($validKeySizes) {
if (!in_array($keySize, $validKeySizes)) {
@defuse
defuse / attack.php
Created March 14, 2015 21:52
Padding Oracle Attack
<?php
/*
* Padding oracle attack against https://github.com/keboola/php-encryption
* By: Taylor Hornby.
* Date: March 14, 2014.
*/
/* Download the two files and place in the same folder. */
require_once('EncryptorInterface.php');