Hey guys. Im writing a End to end encrypted chat system in C. ive got a library to handle encryption using AES256, got that working. I got a library for hashing passwords into keys, Keccak-based. I also got a library supposed to perform the key exchange via diffie-hellman. No i got it working, sort of. The last Byte seems to be different with the two keys, being 0 in one and the other one being an actual key value (as its supposed to be).
Encryption is hard to get right, C is hard to get right (as you just saw), combine the two and you're in for a nightmare.
Just save yourself the trouble, crypto is one of the those things that you shouldn't reinvent, not even for the educational value, because even if you do, you should consider it trivially easy to crack and unsafe, until you actually determine how hard it is to crack. A more productive use of your time would be learning infosec and cryptanalysis.
why not combine everything? I wrote a diffie-hellman implementation couple months ago, then asked myself how this could be broken and wrote one brute-force script and a full exploit.. learned a lot during that project
Landon James
-fsanitize=address -fsanitize=undefined thank me by killing yourself
Isaiah Rodriguez
I've never seen anyone using the hh length specifier before. >For integer types, causes printf to expect an int-sized integer argument which was promoted from a char. Sounds like it should have no effect.
Cameron Richardson
I think it's best if you're trying to find flaws in someone else's code, because you're naturally biased towards your own (you're more lenient, familiarity leads to a false sense of security...). Also there's the added bonus of seeing the same problem from another point of view, you might pick up a creative approach you didn't think of while looking at someone else's code.
"Not even for the educational value" was a bit of a hyperbole, what I meant is practical implementations of algorithms are short and based on complicated mathematics. Unless you also know all that theory, you're basically copying and pasting a bunch of lines of code, or translating pseudocode into the language of choice, without understanding what purpose they serve. You're simply not learning as much as you could with your time that way. Trying to break something that you already know and understand well is more productive than poking around a black box.
Parker Nguyen
>bet that hasnt ever happened to you It happens to literally everyone. That's why nobody writes sensitive systems in C anymore. It's fucking garbage and this bullshit pops up everywhere.
Tyler Rogers
Can I put your work in my portfolio CV?Askin for a friend
Cooper Bailey
totally agree with you what I did ultimately gave me a better understanding of how to write more secure code and find my own flaws, which is what I wanted as well as to learn a couple other things on the side the only way someones own encryption can go right is if the algorithm is public and has been tested by many people through many iterations before being used It's something that must not only be well understood but also well implemented and that is very difficult to do but starting somewhere and doing something just for the heck of it is always better than doing nothing, especially if it's fun
Jonathan Morales
Are there ways to mitigate C's shittiness that don't completely cripple its performance, while also making it more reliable? Speaking of sensitive systems, is Ada just a meme (I've read a bunch of software written for spacecrafts used it), or is it actually viable for sensitive tasks in general?
>but starting somewhere and doing something just for the heck of it is always better than doing nothing, especially if it's fun That''s the spirit!
> That's why nobody writes sensitive systems in C anymore. It's fucking garbage and this bullshit pops up everywhere. Military hardware and avionics would disagree with you. It's mostly C or a variant of C
Henry Ward
>I'm afraid of making a mistake. That's why I have low test, and lock my fem penis in a cage.
Charles Long
>I literally can't stop thinking about cocks >I don't give a shit about security of any kind, that's how I got AIDS
