Archive for November, 2007

Backport of some As3Crypto stuff to As2

Thursday, November 29th, 2007

Apparently, ActionScript 2 isn’t dead yet.
While I anxiously await the day popular gizmos like the Wii or the iPhone get to run as3 bytecode, there are apparently still legitimate reasons to want to code with As2.
There already are various chunks of code out there to encrypt stuff with As2, the most popular being probably still (…)

As3Crypto 1.3 is out, TLS support is in.

Monday, November 19th, 2007

There we go, Flash now has a TLS 1.0 implementation written entirely in ActionScript.
In spite of my previous post, I didn’t feel right releasing something that didn’t have a shot at protecting against Man-in-the-middle attacks, so I took a few more days to implement some X.509 certificate parsing and validating.
This release ships with a number (…)

Tweaking RC4 to support streaming, and TLSSocket

Wednesday, November 7th, 2007

Previously, would work as a block cipher. Every call to encrypt() and decrypt() would re-initialize its internal state, guaranteeing the same instance could encrypt and decrypt the same data.
Unfortunately, that’s not how TLS expects things to work. rc4 is seen as a stream cipher, and it is expected to maintain its internal state, so (…)

Badness in, plus TLS update

Tuesday, November 6th, 2007

Right now, any ByteArray you feed to MD5 will get messed with, in 2 ways:

Some padding will be added to the end of it
The endianness of the array will be forced to little-endian.

You see, TLS has this “finished” message as part of its handshake that requires to compute an MD5 hash and a SHA-1 hash (…)

Coming out of hibernation

Saturday, November 3rd, 2007

I need a better comment spam system.. I just had to go through 1075 comments, to extract the few that weren’t spam.
16 comments approved
1058 comments marked as spam
1 comment unchanged
Now, you could argue I should just moderate those things as they come in, and you’d be right.
Anyway.. not too long after my previous comment, my (…)