Weak data typing in MySQL

MySQL is a great product and mature, but sometimes... $SUBJ. So I have a table TABLE with VARCHAR column/field COLUMN. I can run: SELECT * from TABLE where LENGTH(COLUMN<10); This executed, but I got all possible records, with all possible lengths of COLUMN. WTF? Ouch, I've been experienced lack of sleep :( I should have...

4h

[Russian][Crypto] Что такое side-channel attack / timing attack

Была у меня когда-то подруга и съемная двухкомнатная квартира. И мы обычно работали находясь в разных комнатах. Деятельность подруги за компом была разделена на 4 основные (под)вида: 1) Работа в MS Word-е. Много нажатий по клавиатуре. Иногда работа мышью для копипасты туда-сюда. Большой variance между событиями. 2) Листание ЖЖ и прочих...

4h

[Crypto][Python] D.Bleichenbacher attack on RSA PKCS#1, part I

Introduction Prerequisite: see my previous blog post about RSA blinding. What is PKCS#1 1.5 padding? It's when your message is padded by random stuff, actually, prepended at start: 2. EME-PKCS1-v1_5 encoding: a. Generate an octet string PS of length k - mLen - 3 consisting of pseudo-randomly generated...

3d

[Crypto][Python] D.Bleichenbacher attack on RSA PKCS#1, part III

Click for the previous part. Raising the bar: using OpenSSL Now I'm going to use the 'real' oracle -- OpenSSL. The code is mostly the same, but it calls openssl executable and also it can use RSA public key in PEM file format. See this and this. Now tests on random RSA keys. 512 bits, 1024, 2048, 4096 -- all fast. Within one hour...

3d

[Crypto][Python] D.Bleichenbacher attack on RSA PKCS#1, part IV

Click for the previous part. The real situation is even worse. The problem is not in the PKCS#1 1.5 padding. The problem is that the attack can be used on any message that has fixed header, 'magic cookie'. Think about HTML/XML header, etc. Here I extended by code to handle a message with 8-bit header. It must be zero. Such messages...

3d

[Crypto][Python] D.Bleichenbacher attack on RSA PKCS#1, part II

Click for the previous part. Full attack Since I'm not a very good mathematician, I misunderstood Bleichenbacher's paper and implemented the second step simpler. It just narrows bounds recursively. This works. But I admit that this may be not as efficient as the original Bleichenbacher's idea. import random, math, sys, os import...

3d

[Crypto] RSA blinding

What if you want to compute some data on remote server/cloud, but you don't trust sysadmins? Can you encrypt your data, compute something on remote server, download it and decrypt? This is what is called homomorphic encryption. Not practical (yet?) One little-known fact about RSA is that it's homomorphic if you use only modular multiplication...

4d

[Crypto][Python] Padding oracle attack: demonstration

First, please first read my previous blog post about PKCS#7 padding. So what is 'oracle'? In our case, 'oracle' is a remote server or a piece of hardware, like smart card. We can send (modified) ciphertext to it and get an error message if padding is invalid (true/false). We don't even need decrypted plaintext from 'oracle'. This...

3w

[Crypto] PKCS#7 padding

As we know, plaintext may be of arbitrary length. But cryptographic primitives works only with fixed-size blocks. AES -- 16 bytes. So a last block to be encrypted must be expanded somehow. One naive solution is to pad it with zeroes and to store plaintext length somewhere. By the way, what is 'pad'? For non-English speakers (like me),...

4w

[Pure C][x86][RevEng] Function arguments as local variables

From C textbooks you know that you can use function arguments just like local variables. Let's try. First example: #include <stdio.h> void f() { int x, y; for (x=0; x<3; x++) for (y=0; y<3; y++) printf ("%d %d\n", x, y); }; void main() { f(); };...

Dec 2022