[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]
Sampo Syreeni
decoy at iki.fi
Mon Mar 3 20:28:16 EST 2014
On 2014-03-03, Peter Gutmann wrote:
> It's a lot more than just fuzzing, you need to do things like "create
> a message A, flip a bit in it to get A', MAC it, and then unflip the
> bit so A is sent but with a MAC for a A'", or "send out a cert chain
> for one key but then sign the DH exchange with a different key". You
> don't get that with random mutation, it requires custom code for each
> situation.
But couldn't you basically parse the program flow of the emitting
application, and guidedly mutate around every decision point within it?
That's still within the definition of fuzzing, if I'm not entirely
mistaken.
--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
More information about the cryptography
mailing list