[cryptography] [info] The NSA Is Building the Countrybs Biggest Spy Center (Watch What You Say)

[Seth David Schoen]

ianG writes:

> On 26/03/12 07:43 AM, Jon Callas wrote:
> 
> >This is precisely the point I've made: the budget way to break crypto is to buy a zero-day. And if you're going to build a huge computer center, you'd be better off building fuzzers than key crackers.
> 
> point of understanding - what do you mean by fuzzers?

Automatically trying to make software incur faults with large amounts of
randomized (potentially invalid) input.

https://en.wikipedia.org/wiki/Fuzz_testing

If you get an observable fault you can repeat the process under a
debugger and try to understand why it occurred and whether it is an
exploitable bug.  Here's a pretty detailed overview:

https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Whitepaper/bh-usa-07-amini_and_portnoy-WP.pdf

When it was first invented, fuzzing basically just consisted of feeding
random bytes to software, but now it can include sophisticated
understanding of the kinds of data that a program expects to see, with
some model of the internal state of the program.  I believe there are
also fuzzers that examine code coverage, so they can give feedback to the
tester about whether there are parts of the program that the fuzzer isn't
exercising.

-- 
Seth David Schoen <schoen at loyalty.org>      |  No haiku patents
     http://www.loyalty.org/~schoen/        |  means I've no incentive to
  FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150  |        -- Don Marti
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE