This test was created when I worked with CVE-2002-20001 vulnerability. The vulnerability is about diffie-hellman-group-exchange-sha256 key exchange algorithm with high computational complexity which is using long exponents that arguably make certain calculations unnecessarily expensive. To test the issue I created small bash script ddosssh.sh to simulate DDoS attack on ssh server using different key exchange… Read More »
A bit away for from security themes just simple c++ coding related to string processing, changing substring in char array. Recently I had a task to hide some private info in log replacing it with asterisks. It is the code, I tried to do it the new substituted substring may longer or shorter then initial… Read More »
This post is continuation of 2 previous ones. It demonstrates how to send Online Certificate Status Protocal (OCSP) request to CA server about certificate revocation status using openssl terminal commands. The procedure consists of the same steps as it was presented in c++ and c# codes: find OCSP URL, get server certificate and certificate chain,… Read More »
It is functionally similar OCSP (Online Certificate Status Protocol) client as presented in previous post “Windows OCSP Client based on BouncyCastle.Crypto.dll” but oriented for Linux OS and written on C++ using openssl API. The code was tested on Ubuntu 22.04 and CentOS 8 only, but I hope it should be compatible with other Linux OS… Read More »
OCSP (Online Certificate Status Protocol) is generally used to obtain revocation certificate status from certification authority (CA) as alternative to CRL (Certificate Revocation List). OCSP request is sent to server as HTTP POST request with 2 specific header values “application/ocsp-request” as Content-Type and “application/ocsp-response” as Accept. The example of OCSP request I got from Wireshark… Read More »
It is a continuation of previous post “Compare storage of string in memory for c++ and golang using dgb” where gbg debugger was used to read characters defined in string variable directly from memory. The example below shows how to read string bytes from memory using unsafe pointer. String encoding is UTF-8, and it contains… Read More »
Probably everybody knows that c++ string is a sequence of characters terminated by 0. In golang string is stored in different way as a structure with 2 members: pointer to character sequence (type uintptr) and length of character sequence (type integer). Below there are 2 examples how to check and modify string in memory for… Read More »
MD5 is 128 bit hash digest calculated by Message Digest Method 5 algorithm. It is not so secure as SHA-256 algorithm but significantly faster. It is still widely used as thumbprint to verify data integrity and detect accidental data corruption. Here is c++ example how to calculate MD5 hash of string using openssl API. Templates… Read More »
SHA-256 is 256 bit hash value calculated by SHA-2 (Secure Hash Algorithm 2). SHA-256 is used in some of the multiple well known authentication and encryption protocols, including SSL, TLS, IPsec, SSH, and PGP. Also it is used for secure password hashing and cryptocurrency transaction verification. Here is c++ example how to calculate SHA-256 has… Read More »
The cipher list may be retrieved using “openssl cipher” command. This command has multiple options to filter output. The same is possible to do programmatically using openssl API. Here is c++ example how to programmatically obtain a list of available ciphers with appropriate cryptographic protocols they belong to. The code was implemented and tested on… Read More »