Apparently, ActionScript 2 isn’t dead yet.
While I anxiously await the day popular gizmos like the Wii or the iPhone get to run as3 bytecode, there are apparently still legitimate reasons to want to code with As2.
There already are various chunks of code out there to encrypt stuff with As2, the most popular being probably still (…)
There we go, Flash now has a TLS 1.0 implementation written entirely in ActionScript.
In spite of my previous post, I didn’t feel right releasing something that didn’t have a shot at protecting against Man-in-the-middle attacks, so I took a few more days to implement some X.509 certificate parsing and validating.
This release ships with a number (…)
Previously, ARC4.as would work as a block cipher. Every call to encrypt() and decrypt() would re-initialize its internal state, guaranteeing the same instance could encrypt and decrypt the same data.
Unfortunately, that’s not how TLS expects things to work. rc4 is seen as a stream cipher, and it is expected to maintain its internal state, so (…)
Right now, any ByteArray you feed to MD5 will get messed with, in 2 ways:
Some padding will be added to the end of it
The endianness of the array will be forced to little-endian.
You see, TLS has this “finished” message as part of its handshake that requires to compute an MD5 hash and a SHA-1 hash (…)
I need a better comment spam system.. I just had to go through 1075 comments, to extract the few that weren’t spam.
16 comments approved
1058 comments marked as spam
1 comment unchanged
Now, you could argue I should just moderate those things as they come in, and you’d be right.
Anyway.. not too long after my previous comment, my (…)
You are currently browsing the Metal Hurlant weblog archives for November, 2007.
Metal Hurlant is a Silicon Valley Code Monkey with an interest in Security, Web Applications and their intersection.