good-ugly-pad

Short summary

The Good, the Ugly and the Pad walk into a bar... Sometimes knowing the trade is not enough; sometimes you need to pad.

Article

In crypto, when your message size is not a multiple of the crypto algorithm's block size, you need to pad. But we in Java (the Good) have a problem: we are not used to doing that; in fact we are used to having the platform take care of the nitty-gritty details while we just enjoy the ride. Of course the problem is that we forget the padding altogether, we (I) don't even remember that it is there, and when confronted with non-JVM languages, sometimes this goodie backfires. It happened to me when porting a protocol from a Java client to a Python (the Ugly) client, and I am putting the experience here, so maybe I will not forget it again and you don't have to lose precious game-time on these things.

# The programs

Let's say that the interaction of the protocol is an instance of the so-called "double lock briefcase".

Let's see how it would be done in Groovy and in Python.

Notice the lambdas (the Pad) that do the padding and the unpadding of the payload! It is the usual PKCS(5|7), but one has to remember to do it or the communication will break, especially with small payloads.

## Python example

The Python example is built around the class ugly.Ugly: this class is first initialized with the shared password and the initialization vector. Then the arrival of an externally exchanged key is simulated: this key is assumed to be random and encrypted with the shared key. The key is then decrypted, and the corresponding (random) client key is obtained. In the next step the client key is used to encrypt a password used for login.
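The padding step that the Python side has to do by hand, as an added example (this is not the repository's own code). The 16-byte block size and the function names `pkcs7_pad` and `pkcs7_unpad` are assumptions, since the page does not name the cipher.

```python
BLOCK_SIZE = 16  # assumption: AES-sized blocks; the page does not name the cipher


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append N bytes of value N so the result is a whole number of blocks."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255")
    # An already aligned message still gets a full block of padding,
    # otherwise the receiver could not tell padding from payload.
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed."""
    if not padded or len(padded) % block_size:
        raise ValueError("input is not a whole number of blocks")
    n = padded[-1]
    # Every one of the last n bytes must equal n, and n must fit in one block.
    if not 1 <= n <= block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]


def demo() -> dict:
    """Pad constructed sample payloads: short, exactly one block, and empty."""
    results = {}
    for payload in (b"s3cret", b"0123456789abcdef", b""):
        padded = pkcs7_pad(payload)
        # Round trip must give back the original payload unchanged.
        assert pkcs7_unpad(padded) == payload
        results[payload] = padded
    return results


if __name__ == "__main__":
    for payload, padded in demo().items():
        print(len(payload), "->", len(padded), padded.hex())
```

In a real protocol, verify a MAC over the ciphertext before unpadding, so that a padding error is never the first failure a peer can observe.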

## Groovy example

The Groovy example does the same as the Python one, but notice that no padding is explicitly added to or removed from the payload: the crypto module does everything on its own (so we do not make errors). As before, the Good class is instantiated with a password, an initialization vector and a crypto algorithm. The encrypted key exchange is simulated and the client key is obtained. The client key is then used to encrypt a password for login.

Contributors

endeios
