Tweaking RC4 to support streaming, and TLSSocket

Posted November 7th, 2007 by
Categories: Uncategorized

Previously, ARC4.as would work as a block cipher. Every call to encrypt() and decrypt() would re-initialize its internal state, guaranteeing the same instance could encrypt and decrypt the same data.

Unfortunately, that’s not how TLS expects things to work. rc4 is seen as a stream cipher, and it is expected to maintain its internal state, so that multiple calls to encrypt() are equivalent to one concatenated call to encrypt().

So ARC4’s constructor gets a second argument, that enables that behavior. Also Crypto.as will treat “rc4-*” ciphers as streaming cipher. To get a block-like cipher, use “rc4block”.

Also, I’m cobbling together a TLSSocket class, that acts like a Socket class, but with TLS.

Sample use looks like:

var t:TLSSocket = new TLSSocket;
t.connect("login.live.com", 443);
t.writeUTFBytes("GET / HTTP/1.0nHost: login.live.comnn");
t.addEventListener(Event.CLOSE, function(e:*):void {
var s:String = t.readUTFBytes(t.bytesAvailable);
trace("Response: "+s);
});

The biggest part missing still is the utter lack of server certificate validation, although I don’t think that’ll stop me from putting an update out.

I’m giving myself another evening to clean stuff up.

Badness in MD5.as, plus TLS update

Posted November 6th, 2007 by
Categories: Security, flash, actionscript

Right now, any ByteArray you feed to MD5 will get messed with, in 2 ways:

  • Some padding will be added to the end of it
  • The endianness of the array will be forced to little-endian.

You see, TLS has this “finished” message as part of its handshake that requires to compute an MD5 hash and a SHA-1 hash of the same array, then send a derivative of it to the server.

If the server doesn’t like your data, it will return a cryptic “Bad Mac Data” message, which really means “You messed up, but we’re not going to tell you where exactly because that’d help evil people too much.”

Anyway, long story short, MD5 doesn’t destroy the data it hashes anymore, and I am now able to send the “Finished” message from the client, and receive a “Finished” message from the server, which is a really good sign overall.

As soon as I get to the point where plain-text can be sent and received over a pseudo-secure connection, I’ll release something. (That’ll include an MD5 fix, at least.)
Note: “Pseudo-secure” means the client code will be missing a lot of sanity and security checks that any self-respecting TLS implementation ought to have. That also means you seriously shouldn’t use it yet. Still, it’s a start.
PS: For you folks who submitted bug reports and patches, I still care. I just need to get this TLS thing out of my system first. Then I’ll fix whatever I can.

Coming out of hibernation

Posted November 3rd, 2007 by
Categories: Security, flash, actionscript, sadness

I need a better comment spam system.. I just had to go through 1075 comments, to extract the few that weren’t spam.

16 comments approved
1058 comments marked as spam
1 comment unchanged

Now, you could argue I should just moderate those things as they come in, and you’d be right.

Anyway.. not too long after my previous comment, my laptop taught me a valuable lesson on the importance of having regular backups, which bummed me enough that I left this project alone for a little while.

I’m hoping to have a little bit more free time now, so expect some kind of update for this library soon(-ish.)

Thanks for your patience.

As3Crypto 1.2: now with less bugs

Posted April 29th, 2007 by
Categories: Security, flash, actionscript

So my 1.2 release ends up being less awesome than hoped.
I had a bunch of bug fixes I was sitting on, hoping I’d release them at the same time as some new neat thing, but the new neat thing is taking longer than planned, and the blog comments make it clear you guys are already trying to use what’s there, so I might as well make it work well.
I felt particularly bad when not once, but twice, a comment indicated someone ended up fixing something I had already fixed but not pushed yet.
I guess it’s time to adopt more of a “Release early, release often” cycle.
Hopefully the next release will have some authentic awesomeness built-in.

Until then, here are the release notes for this version:
- math: Completed BigInteger support. Moved BigInteger under com.hurlant.math
- public key: RSA decrypt and key generation
- crud: basic DER/PEM support to parse RSA keys (X.509 SubjectPublicKeyInfo and PKCS#1 RSAPrivateKey)
- random: support for TLS-PRF; weak attempt at seeding Random.
- hash: added MD2. slow legacy stuff.
- modes: CFB, CFB8 and OFB padding bug fixes
- secret key: TripeDES bug fix
- demo UI: added OpenSSL Monkey tab that checks that a few operations are compatible between As3Crypto and OpenSSL
- demo UI: added UI for RSA decryption and key generation

The DER/PEM line refers to the fact you can feed the library one of those openSSL-generated RSA keys that start with “—–BEGIN RSA PRIVATE KEY—–” or “—–BEGIN PUBLIC KEY—–”. Check RSAKeyTest.as for examples.

The current plan for the next release is to have enough code to be able to establish a simple TLS session, with various restrictions (I don’t have DSA nor DH yet, so I’m gunning for TLS_RSA_WITH_AES_128_CBC_SHA support, which is enough to talk to some popular https servers.)

As an aside, the BigInteger class should be sufficient to implement DH and DSA. I’m not going to focus on that for now, so if someone else feels like contributing, please do.

Actionscript Encryption Library Update

Posted March 4th, 2007 by
Categories: Security, flash, actionscript

I’ve just pushed version 1.1 of the as3 crypto library out.
New stuff (from the release notes):
- secret key: DES, 3DES, BlowFish
- mode: CTR, SimpleIV
- demo UI: Added unit tests
- added toString() to each algorithm
- added dispose() to each algorithm. dispose() attempts to clear keys and states from the memory, but it is not guaranteed to work.
- build-swc.xml file to allow command-line compilation of a .SWC library file.

Also, the library site includes a direct link to download the .SWC, and some benchmark numbers taken on my computer.

Beside a few more algorithms (dh, rmd160, dsa and the rest of rsa at least), the biggest missing chunk here is a way to guarantee the integrity of the encrypted content. It’s not terribly hard to rig something like that yourself, but I’d like to provide a way that can interoperate with other environments, so I’ll have to read around a bit on how those things are expected to happen.

An AS3 Cryptography Library

Posted February 20th, 2007 by
Categories: Security, flash, actionscript

ActionScript 3 has several new features such as ByteArray and uint, that make number crunching on the web less slow than you’re used to.

So it seemed like having a crypto library for as3 would make a lot of sense.

For as2, there was Meychi’s ASCrypt library, and while it would be easy to port them to AS3 (it’s been partially done, at least for MD5 and SHA-1), it wouldn’t take advantage of most of the speed increase AS3 provides.

Still, I’m way too lazy to rewrite a bunch of cryptography algorithms myself, so I pilfered and ported existing code to AS3 as much as possible.

So far, there’s support for RSA, AES, RC4, SHA-256 and HMAC, among other things.
Anyway, there’s a little page for the AS3 Crypto Library.
Play with it and let me know what you think.

More Fractals in AS3

Posted November 8th, 2006 by
Categories: web, flash, actionscript, fractal

odd fractalMy little fractal viewer has been updated. We now have pretty colors, julia support, smoother zooming, back and forward support (in firefox), and bookmark-able links.

For example, you can now go directly in a pink Julia fractal

Alternatively, you can check out the weird fractal in the thumbnail. It’s not quite mandelbrot, and not quite julia, and switching to that mode frequently results in “broken” or distorted mandelbrot patterns. If you know the proper name for it, let me know.

Things to do while in the viewer:

  • click anywhere to zoom in. press CTRL while clicking to zoom out.
  • pressing the space bar will generate a new color palette. it’s random, so press it ’til you like it.
  • pressing “1″, “2″ or “3″ will bring the Mandelbrot, Julia or Weird set respectively.
  • on Firefox, you can use the Back and Forward browser buttons to undo/redo actions.

That’s it. the .swf file has crept up to 8k, and here’s to hoping I stop wasting hours staring at fractals soon.

Tiny mandelbrot fractal viewer in ActionScript 3.0

Posted October 29th, 2006 by
Categories: web, flash, actionscript, fractal

mandelbrot fractalI need to pick up actionscript 3.0 quickly, so I figured I’d write a few small test programs for it.

When I was young, I’d waste hours waiting for FractInt to put together some really pretty images. I never really wrote my own little fractal programs, for whatever reason.

This seemed like a good opportunity to mix both, so here we are.

It’s a really small swf file (2K). Keep the mouse down to zoom in. Press CTRL while the mouse is down to zoom out.

While zooming, quality is adjusted dynamically. The algorithm to do that is totally stolen from mrob

Anyway, you can look at the viewer, or you can check the source out too.

Welcome

Posted October 15th, 2006 by
Categories: Meta

WelcomeWelcome to metal.hurlant.com

I created this site mostly to keep track of various little things I throw together. Also, I was feeling a bit sad everytime I had to upload one of my hacks to a geocities page. So I feel much better now. :)

I’ve been interested in computer security and web applications for over 10 years. My day job has frequently involved both of those. Yet I’ve never really tried to organize or keep track of what I’ve done.

This is an attempt at fixing that. Post updates are not likely to follow any predictable schedule, as this is more of an exercise in self-development than in building up a readership.