[Cryptography] Source code that looks like completely different source code
Kevin W. Wall
kevin.w.wall at gmail.com
Mon Dec 13 16:18:50 EST 2021
On Mon, Dec 13, 2021 at 3:56 PM Dan McDonald <danmcd at kebe.com> wrote:
> On Dec 12, 2021, at 8:07 PM, Ray Dillinger <bear at sonic.net> wrote:
> > I don't know whether this is 'steganography' as commonly understood, but
> > the idea of hiding one message in what appears to be another seems to be
> > relevant, as does the threat to digital security.
> This broke a few weeks ago.
> I know that Rust (recently mentioned here in another thread) added
> compiler support to thwart bidirectional redirects at compile time:
> AIUI one's editor, or one's editor settings, may make a difference here as
> well. I added this to my .emacs around that time:
> (setq bidi-display-reordering nil)
> It's a clever attack vector, to be sure.
There is also a semgrep rule for these BIDI attacks in case your compiler
doesn't protect you:
Of course, none of this would be a problem if we just forced people to
write code in EBCDIC using punched cards like we did in the good old days.
Blog: https://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
| OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.
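
In the spirit of the compiler and semgrep checks mentioned in this thread, the following is an added example (not part of the original message, and not code from rustc or semgrep) that flags Unicode bidirectional control characters in source text. The name `scan_source` and the sample input are constructed for illustration.

```python
import unicodedata

# Explicit bidirectional formatting characters from Unicode UAX #9.
EMBED = {"\u202a", "\u202b", "\u202d", "\u202e"}  # LRE, RLE, LRO, RLO (closed by PDF)
ISOLATE = {"\u2066", "\u2067", "\u2068"}          # LRI, RLI, FSI (closed by PDI)
PDF, PDI = "\u202c", "\u2069"
BIDI = EMBED | ISOLATE | {PDF, PDI}


def scan_source(text):
    """Return one finding per bidi control: (line, col, codepoint, name, unterminated)."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), 1):
        stack, hits = [], []
        for col, ch in enumerate(line, 1):
            if ch not in BIDI:
                continue
            hits.append((col, ch))
            if ch in EMBED or ch in ISOLATE:
                stack.append(ch)
            elif ch == PDF and stack and stack[-1] in EMBED:
                stack.pop()
            elif ch == PDI and any(c in ISOLATE for c in stack):
                # PDI closes the innermost isolate and any embeddings inside it.
                while stack.pop() not in ISOLATE:
                    pass
        # Bidi state resets at end of line, so a non-empty stack means the
        # reordering runs to the end of the line instead of being closed.
        unterminated = bool(stack)
        for col, ch in hits:
            findings.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch), unterminated))
    return findings


# Constructed sample: line 1 is clean, line 2 has an unclosed override
# inside a comment, line 3 has a balanced isolate pair in a string.
SAMPLE = (
    "int main(void) {\n"
    "    /* check \u202e admin */ return 0;\n"
    "    puts(\"\u2067abc\u2069\");\n"
    "}\n"
)

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print("line %d col %d %s %s unterminated=%s" % f)
```

Any finding is worth a manual look in a code review or CI gate; the `unterminated` flag marks lines where the reordering is never closed.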