Tweaking RC4 to support streaming, and TLSSocket
Previously, ARC4.as would work as a block cipher. Every call to encrypt() and decrypt() would re-initialize its internal state, guaranteeing the same instance could encrypt and decrypt the same data.
Unfortunately, that’s not how TLS expects things to work. rc4 is seen as a stream cipher, and it is expected to maintain its internal state, so that multiple calls to encrypt() are equivalent to one concatenated call to encrypt().
So ARC4’s constructor gets a second argument, that enables that behavior. Also Crypto.as will treat “rc4-*” ciphers as streaming cipher. To get a block-like cipher, use “rc4block”.
Also, I’m cobbling together a TLSSocket class, that acts like a Socket class, but with TLS.
Sample use looks like:
var t:TLSSocket = new TLSSocket;
t.connect("login.live.com", 443);
t.writeUTFBytes("GET / HTTP/1.0nHost: login.live.comnn");
t.addEventListener(Event.CLOSE, function(e:*):void {
var s:String = t.readUTFBytes(t.bytesAvailable);
trace("Response: "+s);
});
The biggest part missing still is the utter lack of server certificate validation, although I don’t think that’ll stop me from putting an update out.
I’m giving myself another evening to clean stuff up.
Explore posts in the same categories: Uncategorized
November 9th, 2007 at 12:21 am
Hi, Metal Hurlant, I am a Chinese web developer. Maybe it is not properly to deliver the message along with this post, however I have to ask you for help. I found that you deleted the function of signature in RSA which uses private key to encrypt a text and uses the corresponding public key to decrypt the cipher. That’s to say, the function of signature which ever existed in your previous version was deleted from the lastest version(v1.2) — which function left only in RSA is encryption. I tried my best to add this function(signature) back, but I failed, because of my poor capabilities. I solicitously hope you can add the function of signature in RSA back to the new version very recently. Thank you very much!!!!!!!!!!