As3Crypto has been open-source from the start, but the development, iteration and feedback process isn’t quite as open and collaborative as it should be.
There is this one guy controlling every aspect of it, hiding his precious source code until he deems it ready for another release, and generally being way too slow at moderating blog (…)
A couple years ago, I wrote this little Java Explorer script that used Liveconnect to inspect available Java classes. It included a little console that made it easy to play with those classes and their members to see what they seemed to do.
More recently, when the Flash Player 10 beta came out, I ended up (…)
Apparently, ActionScript 2 isn’t dead yet.
While I anxiously await the day popular gizmos like the Wii or the iPhone get to run as3 bytecode, there are apparently still legitimate reasons to want to code with As2.
There already are various chunks of code out there to encrypt stuff with As2, the most popular being probably still (…)
There we go, Flash now has a TLS 1.0 implementation written entirely in ActionScript.
In spite of my previous post, I didn’t feel right releasing something that didn’t have a shot at protecting against Man-in-the-middle attacks, so I took a few more days to implement some X.509 certificate parsing and validating.
This release ships with a number (…)
Right now, any ByteArray you feed to MD5 will get messed with, in 2 ways:
Some padding will be added to the end of it
The endianness of the array will be forced to little-endian.
You see, TLS has this “finished” message as part of its handshake that requires to compute an MD5 hash and a SHA-1 hash (…)
I need a better comment spam system.. I just had to go through 1075 comments, to extract the few that weren’t spam.
16 comments approved
1058 comments marked as spam
1 comment unchanged
Now, you could argue I should just moderate those things as they come in, and you’d be right.
Anyway.. not too long after my previous comment, my (…)
So my 1.2 release ends up being less awesome than hoped.
I had a bunch of bug fixes I was sitting on, hoping I’d release them at the same time as some new neat thing, but the new neat thing is taking longer than planned, and the blog comments make it clear you guys are already (…)
I’ve just pushed version 1.1 of the as3 crypto library out.
New stuff (from the release notes):
- secret key: DES, 3DES, BlowFish
- mode: CTR, SimpleIV
- demo UI: Added unit tests
- added toString() to each algorithm
- added dispose() to each algorithm. dispose() attempts to clear keys and states from the memory, but it is not guaranteed to (…)
ActionScript 3 has several new features such as ByteArray and uint, that make number crunching on the web less slow than you’re used to.
So it seemed like having a crypto library for as3 would make a lot of sense.
For as2, there was Meychi’s ASCrypt library, and while it would be easy to port them (…)
You are currently browsing the archives for the Security category.
Metal Hurlant is a Silicon Valley Code Monkey with an interest in Security, Web Applications and their intersection.