
List:       cypherpunks
Subject:    Re: [cryptography] [info] The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)
From:       Eugen Leitl <eugen () leitl ! org>
Date:       2012-03-26 11:40:34
Message-ID: 20120326114034.GI17245 () leitl ! org

----- Forwarded message from Seth David Schoen <schoen@loyalty.org> -----

From: Seth David Schoen <schoen@loyalty.org>
Date: Sun, 25 Mar 2012 18:22:43 -0700
To: ianG <iang@iang.org>
Cc: cryptography@randombit.net
Subject: Re: [cryptography]
	[info] The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)
User-Agent: Mutt/1.5.20 (2009-06-14)

ianG writes:

> On 26/03/12 07:43 AM, Jon Callas wrote:
> 
> > This is precisely the point I've made: the budget way to break crypto is to buy a
> > zero-day. And if you're going to build a huge computer center, you'd be better
> > off building fuzzers than key crackers.
> 
> point of understanding - what do you mean by fuzzers?

Automatically trying to make software incur faults with large amounts of
randomized (potentially invalid) input.

https://en.wikipedia.org/wiki/Fuzz_testing

If you get an observable fault you can repeat the process under a
debugger and try to understand why it occurred and whether it is an
exploitable bug.  Here's a pretty detailed overview:

https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Whitepaper/bh-usa-07-amini_and_portnoy-WP.pdf


When it was first invented, fuzzing basically just consisted of feeding
random bytes to software, but now it can include sophisticated
understanding of the kinds of data that a program expects to see, with
some model of the internal state of the program.  I believe there are
also fuzzers that examine code coverage, so they can give feedback to the
tester about whether there are parts of the program that the fuzzer isn't
exercising.

-- 
Seth David Schoen <schoen@loyalty.org>      |  No haiku patents
     http://www.loyalty.org/~schoen/        |  means I've no incentive to
  FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150  |        -- Don Marti
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
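
An added illustration of the contrast drawn in the forwarded message, not part of the original e-mails: a blind random fuzzer and a coverage-feedback fuzzer run against a constructed toy parser with a planted length bug. The record format, `parse_record` and the probe set are hypothetical stand-ins for a real target and its instrumentation.

```python
import random

MAGIC = b"FZZ\x01"  # constructed toy format: 3-byte magic, type byte, length byte, payload

def parse_record(data, cov):
    """Toy parser with a planted bug; cov.add() stands in for coverage probes."""
    for i, want in enumerate(MAGIC):
        if len(data) <= i or data[i] != want:
            return None
        cov.add(i)                      # one probe per header check passed
    if len(data) < 5:
        return None
    length, payload = data[4], data[5:]
    checksum = 0
    for i in range(length):             # planted bug: declared length is trusted
        checksum ^= payload[i]          # IndexError when length > len(payload)
    return checksum

def crashes(data, cov):
    """Run the target once and report whether it faulted."""
    try:
        parse_record(data, cov)
        return False
    except IndexError:
        return True

def blind_fuzz(budget, seed=0):
    """Original-style fuzzing: independent random 8-byte inputs, no feedback."""
    rng = random.Random(seed)
    for _ in range(budget):
        data = rng.getrandbits(64).to_bytes(8, "big")
        if crashes(data, set()):
            return data
    return None

def coverage_guided_fuzz(budget, seed=0):
    """Mutate one byte of a corpus entry; keep mutants that reach a new probe."""
    rng = random.Random(seed)
    corpus, seen = [bytes(8)], set()    # start from a single all-zero input
    for _ in range(budget):
        data = bytearray(rng.choice(corpus))
        data[rng.randrange(len(data))] = rng.randrange(256)
        cov = set()
        if crashes(bytes(data), cov):
            return bytes(data)          # faulting input, ready to replay under a debugger
        if not cov <= seen:             # new coverage: this input is worth keeping
            seen |= cov
            corpus.append(bytes(data))
    return None
```

With the same budget of 200,000 executions, the blind fuzzer has to guess all four header bytes at once and returns `None`, while the feedback loop learns the header one byte at a time and returns an input whose declared length exceeds its payload.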

