|
Last change
on this file since 20 was
20,
checked in by tmorgan, 12 years ago
|
|
added simple encode/decode command line tools
fixed problem with percent encoding by allowing for a third result of tests
implemented (untested) resumption of decryption for POA
more POA documentation and logging
|
|
File size:
1.0 KB
|
| Rev | Line | |
|---|
| [19] | 1 | First Release |
|---|
| 2 | ============= |
|---|
| 3 | |
|---|
| [3] | 4 | * PaddingOracle |
|---|
| [20] | 5 | - Enable resumption of decryption in case of failure |
|---|
| [3] | 6 | |
|---|
| [19] | 7 | |
|---|
| 8 | Future |
|---|
| 9 | ====== |
|---|
| 10 | |
|---|
| 11 | * A tool that behaves like http2py, but generates a POA script |
|---|
| 12 | |
|---|
| [10] | 13 | * Codetective |
|---|
| 14 | Consider using parts of this, if useful |
|---|
| 15 | https://github.com/blackthorne/Codetective |
|---|
| 16 | |
|---|
| 17 | * nextrand |
|---|
| 18 | - Expand capabilities to handle nextInt calls with arguments |
|---|
| 19 | - Transition code to a library that could be called by Python |
|---|
| [11] | 20 | |
|---|
| [15] | 21 | * Consider using an SMT solver for certain problems (linear PRNGs?) |
|---|
| 22 | http://en.wikipedia.org/wiki/Satisfiability_Modulo_Theories |
|---|
| 23 | |
|---|
| 24 | * Add tools for testing and conducting hash length-extension attacks. |
|---|
| 25 | One tool: https://github.com/bwall/HashPump |
|---|
| [19] | 26 | |
|---|
| 27 | * Add tool to test for LCG without knowing LCG parameters |
|---|
| 28 | See: Inferring Sequences Produced by Pseudo-Random Number Generators by JOAN BOYAR |
|---|
| 29 | |
|---|
| 30 | * Add Mersenne Twister attack tool |
|---|
| 31 | See: http://seclists.org/fulldisclosure/2012/Oct/190 |
|---|
| 32 | |
|---|
| 33 | * Add tools for helping one determine the character set used by |
|---|
| 34 | randomly generated passwords, as well as determining the mapping |
|---|
| 35 | from numbers to characters |
|---|
Note: See
TracBrowser
for help on using the repository browser.
