Archive for Ruby

Diffie-Hellman in Ruby

I looked around and couldn’t find a pure-Ruby implementation of Diffie-Hellman key exchange. Diffie-Hellman key exchange is a nifty way to end up with the same shared secret between Alice and Bob without ever sending the secret key to the other side. It’s used in ISAKMP, SSH and a host of other crypto-based protocols. The code for Diffie-Hellman in Ruby is unbelievably terse, to the point that you wonder whether you actually got it working right. Two things come in handy: Ruby has open classes that you can extend, and Ruby has built-in Bignum support. Integers don’t overflow in Ruby; they just keep expanding.


Code coverage and fuzzing

In previous posts, I’ve talked about using code coverage as one metric for assessing the effectiveness of fuzzing. While protocol specifications and application definitions can be used for fuzzing, the interdependencies of fields and messages within protocols, including state, are not always obvious. For example, when looking at the telnetd source, it’s pretty obvious that you need to send 4 or 5 primary telnet options before the server will enter the main loop. Another example is the XDISPLAYLOC telnet option: no matter what you do with it, you are wasting time, since the server simply passes the value to setenv.


ruby, dup2 and rinetd

When you are attacking an xinetd-based process model, there’s no reliable way to know if the child process segfaulted. The accepting socket is always alive, and GDB’s follow-fork-mode doesn’t quite help us here, since child processes are being spawned and killed all the time.


Proxies, procs and yield

First, the definition: proxies are objects that masquerade as some other object contained within them, effectively intercepting all messages sent to the contained object. Proxies are used in multiple places, such as debugging, tracing, intercepted delegation and benchmarking. But those problems have already been solved. This post is not about that.
