This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cassert> | |
| int gcd(int a, int b) { | |
| assert(b < a); | |
| assert(b >= 0); | |
| assert(a >= 0); | |
| if (b == 0) { | |
| assert(a > 0); | |
dionyziz
/ session.php
Created
November 16, 2013 04:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if ( !empty( $username ) && !empty( $password ) ) { | |
| if ( $id = User::authenticateUser( $username, $password ) ) { | |
| $_SESSION[ 'user' ] = array( | |
| 'userid' => $id, | |
| 'username' => $username | |
| ); | |
| throw new RedirectException( 'index.php?resource=dashboard&method=view' ); | |
| } | |
| throw new RedirectException( 'index.php?resource=session&method=create&error=yes' ); | |
| } |
dionyziz
/ session2.php
Created
November 16, 2013 04:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if ( empty( $username ) ) { | |
| throw new RedirectException( 'index.php?empty_user=yes&resource=session&method=create' ); | |
| } | |
| if ( empty( $password ) ) { | |
| throw new RedirectException( 'index.php?empty_pass=yes&resource=session&method=create' | |
| } | |
| $id = User::authenticateUser( $username, $password ); | |
| if ( $id == false ) { | |
| throw new RedirectException( 'index.php?resource=session&method=create&error=yes' ); | |
| } |
dionyziz
/ static.php
Created
November 25, 2013 04:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| class A { | |
| public function __construct() { | |
| echo "I am an A\n"; | |
| } | |
| public static function bar() { | |
| new static(); | |
| } | |
| } |
dionyziz
/ gist:8120620
Last active
June 5, 2016 19:00
Difficulty of a security timing attack against an insecure PHP hash equality comparison, indicated by a local measure of timing deltas.
Example finds a difference of 10x in total time requiring 1,000,000 requests.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('N', 1000000); | |
| define('HASH', '0000000000000000000000'); | |
| define('MATCH', '0000000000000000000001'); | |
| define('MISMATCH', '1000000000000000000000'); | |
| function insecure_check_equality($expected, $actual) { | |
| if (strlen($expected) != strlen($actual)) { | |
| return false; | |
| } |
dionyziz
/ gist:8120722
Created
December 25, 2013 06:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dionyziz@erdos ~ % time ./repeat.sh 0000000000000000000000 | |
| ./repeat.sh 0000000000000000000000 67.14s user 7.40s system 98% cpu 1:15.31 total | |
| dionyziz@erdos ~ % time ./repeat.sh 1000000000000000000000 | |
| ./repeat.sh 1000000000000000000000 67.31s user 7.30s system 98% cpu 1:15.38 total | |
| dionyziz@erdos ~ % cat repeat.sh | |
| #!/bin/bash | |
| for i in `seq 1 1000`; do | |
| php test.php $1 >/dev/null | |
| done |
dionyziz
/ gist:8169214
Created
December 29, 2013 10:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| default-key AFB046C7 | |
| keyserver pgp.mit.edu | |
| personal-digest-preferences SHA256 | |
| cert-digest-algo SHA256 | |
| default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed |
dionyziz
/ twister-install-osx
Created
December 31, 2013 21:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dionyziz@erdos ~/workspace/twister/twister-core/src (master*) % make -f makefile.unix | |
| Building libtorrent ... | |
| Making all in include/libtorrent | |
| make[2]: Nothing to be done for `all'. | |
| Making all in src | |
| CXX web_connection_base.lo | |
| In file included from web_connection_base.cpp:40: | |
| In file included from ../include/libtorrent/web_connection_base.hpp:63: | |
| In file included from ../include/libtorrent/storage.hpp:36: | |
| In file included from ./../../src/leveldb.h:7: |
dionyziz
/ twister-install-debian
Created
December 31, 2013 21:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [0] dionyziz@gunther ~/workspace/twister % git clone https://github.com/miguelfreitas/twister-core.git | |
| Cloning into 'twister-core'... | |
| remote: Reusing existing pack: 25621, done. | |
| remote: Total 25621 (delta 0), reused 0 (delta 0) | |
| Receiving objects: 100% (25621/25621), 18.84 MiB | 4.04 MiB/s, done. | |
| Resolving deltas: 100% (19151/19151), done. | |
| [0] dionyziz@gunther ~/workspace/twister % cd twister-core | |
| [0] dionyziz@gunther ~/workspace/twister/twister-core (master) % uname -ar | |
| Linux gunther 2.6.32-5-amd64 #1 SMP Fri May 10 08:43:19 UTC 2013 x86_64 GNU/Linux | |
| [0] dionyziz@gunther ~/workspace/twister/twister-core (master) % cd libtorrent |
dionyziz
/ gist:8204841
Created
January 1, 2014 03:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [0] dionyziz@gunther ~/workspace/twister/twister-core/libtorrent (master*) % make | |
| Making all in include/libtorrent | |
| make[1]: Entering directory `/home/dionyziz/workspace/twister/twister-core/libtorrent/include/libtorrent' | |
| make[1]: Nothing to be done for `all'. | |
| make[1]: Leaving directory `/home/dionyziz/workspace/twister/twister-core/libtorrent/include/libtorrent' | |
| Making all in src | |
| make[1]: Entering directory `/home/dionyziz/workspace/twister/twister-core/libtorrent/src' | |
| CXX policy.lo | |
| policy.cpp: In function ‘uint32_t libtorrent::peer_priority(boost::asio::ip::basic_endpoint<boost::asio::ip::tcp>, boost::asio::ip::basic_endpoint<boost::asio::ip::tcp>)’: | |
| policy.cpp:172: error: no match for ‘operator>’ in ‘e1 > e2’ |