[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Mar 3 03:21:28 EST 2014
Stephan Neuhaus <stephan.neuhaus at tik.ee.ethz.ch> writes:
>Essentially, what you're describing is fuzzing. I agree with your assertion
>that it's dangerous to have it lying around in code, but there's no reason
>why one couldn't annotate the code (using comments, for example) and then
>have a fuzzer prepare a special version.
It's a lot more than just fuzzing, you need to do things like "create a
message A, flip a bit in it to get A', MAC it, and then unflip the bit so A is
sent but with a MAC for a A'", or "send out a cert chain for one key but then
sign the DH exchange with a different key". You don't get that with random
mutation, it requires custom code for each situation.
Peter.
More information about the cryptography
mailing list