[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Mar 3 03:21:28 EST 2014

Stephan Neuhaus <stephan.neuhaus at tik.ee.ethz.ch> writes:

>Essentially, what you're describing is fuzzing.  I agree with your assertion
>that it's dangerous to have it lying around in code, but there's no reason
>why one couldn't annotate the code (using comments, for example) and then
>have a fuzzer prepare a special version.

It's a lot more than just fuzzing, you need to do things like "create a
message A, flip a bit in it to get A', MAC it, and then unflip the bit so A is
sent but with a MAC for a A'", or "send out a cert chain for one key but then
sign the DH exchange with a different key".  You don't get that with random
mutation, it requires custom code for each situation.


More information about the cryptography mailing list