[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Sampo Syreeni decoy at iki.fi
Mon Mar 3 20:28:16 EST 2014

On 2014-03-03, Peter Gutmann wrote:

> It's a lot more than just fuzzing, you need to do things like "create 
> a message A, flip a bit in it to get A', MAC it, and then unflip the 
> bit so A is sent but with a MAC for A'", or "send out a cert chain 
> for one key but then sign the DH exchange with a different key".  You 
> don't get that with random mutation, it requires custom code for each 
> situation.

But couldn't you basically parse the program flow of the emitting 
application, and guidedly mutate around every decision point within it? 
That's still within the definition of fuzzing, if I'm not entirely 
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
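
The first case Gutmann describes (send A, but with a MAC computed over the bit-flipped A'), written as a negative test for a verifier. This is an added example, not code from the thread; the key, the message, the function names and the deliberately defective `verify_broken` are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-test-key"          # constructed sample key
MSG = b"transfer 100 to account 42"    # constructed sample message A


def mac(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 tag over msg."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def flip_bit(msg: bytes, bit: int) -> bytes:
    """Return a copy of msg with one bit inverted (A -> A')."""
    out = bytearray(msg)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def verify_good(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Reference verifier: recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac(key, msg), tag)


def verify_broken(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constructed defect: checks the tag's shape but never compares it."""
    return len(tag) == hashlib.sha256().digest_size


def mismatched_cases(key: bytes, msg: bytes):
    """For every bit position, pair the original A with the MAC of A'."""
    for bit in range(len(msg) * 8):
        yield bit, msg, mac(key, flip_bit(msg, bit))


def accepted_mismatches(verify, key: bytes, msg: bytes) -> list:
    """Bit positions for which the verifier wrongly accepts A with MAC(A')."""
    return [bit for bit, sent, tag in mismatched_cases(key, msg)
            if verify(key, sent, tag)]


if __name__ == "__main__":
    for name, fn in (("good", verify_good), ("broken", verify_broken)):
        bad = accepted_mismatches(fn, KEY, MSG)
        print(f"{name}: accepted {len(bad)} of {len(MSG) * 8} mismatched pairs")
```

Both verifiers accept the honest pair (A, MAC(A)), so a test suite with only positive cases cannot tell them apart; only the mismatched pairs expose the skipped comparison.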
