Skip to content

AceRoqs/CryptoTools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

206 Commits

CrappyCrypto

CrappyCrypto

 
 

Cryptopals

Cryptopals

 
 

SkipjackDecrypt

SkipjackDecrypt

 
 

SkipjackEncrypt

SkipjackEncrypt

 
 

SkipjackTest

SkipjackTest

 
 

.gitignore

.gitignore

 
 

CrappyCrypto.props

CrappyCrypto.props

 
 

CryptoTools.sln

CryptoTools.sln

 
 

README.md

README.md

 
 

Repository files navigation

These are tools I've written to practice breaking ciphers.

CrappyCrypto contains my own versions of cryptographic algorithms that I have written to attack. They are not intentionally insecure, but I am not confident in stating that they are hardened against modern attacks. I have had security training in the past, have spent a number of years building threat models and fixing security issues, and have studied cryptography since 1991. I am quite confident in not being confident.

There are some obvious problems with the implementation. First, ECB is the only mode supported, and there is no direct support for nonces. Both of those issues are damning in terms of actual usage. There are probably timing attacks that can be done, since there are array lookups that are key-dependent. Lastly, from a hardening standpoint, the heap buffers are not zeroed on free, and no attempt is made to prevent hardware register spillage to the stack.

I first wrote the Skipjack code in 1998. Surprisingly, it built without errors in Visual Studio 2010. I have since tried to modernize it to modern C++ in VS2015.

Caveat: This code is portable, but due to variances in how arguments are passed to main() in C++, encoding matters. For example, by default, file names are passed as ANSI (in the current code page) to main() in Windows, and passed directly to fopen(). Linux will use UTF-8 by default. In general this will do what is expected. However, keys are different. Since CrappyCrypto operates directly on the argv data, non-ASCII keys will cause problems. For example, on Windows, the Euro '€' will be passed as a two byte ANSI character to main(), and the key built from that. On Linux, the UTF-8 encoding of U+20AC is passed, which is three bytes. The result is that data encoded on one platform might not be correctly decodable on another without some care.

UTF-8 correctness is something that I am actively thinking about, and have an idea on the general portable solution for the above issue, but I want to reflect on whether it is the best approach for all of my projects before I commit to it.

CrappyCrypto has a dependency on the PortableRuntime library.

Toby Jones (www.turbohex.com, ace.roqs.net)

About

Tools for attacking cryptographic implementations.

Resources

Readme
Activity

Stars

21 stars

Watchers

7 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages