Re: Data Encryption
From: firstname.lastname@example.org
To: secprog@securityfocus.COM
Date: Fri, 6 Sep 2002 23:14:56 +0100 (BST)
From: email@example.com

Bryan Ponnwitz wrote:
> I'm only looking to evaluate the method I've developed.

There have been other replies I need not duplicate.

> The protocol is set up so that the first four bytes of any transfer are
> signaling data. Packets can be more than 4 bytes depending on what is
> in the signaling data, but 4 bytes is the minimum; for instance:
> EC 03 00 00 is the data you would send to the server to login. After

There's a reason why lots of common protocols use text strings such
as USER and PASS - they are easy to remember and test with
readily-available tools. Simplicity and testability are good. It's also
common for servers to respond with numbers prefixing their text responses:
2xx for success, and so on. See RFC 977 or several others.

If you're passing strings around with lengths then there's a format
documented by Bernstein you might consider.

I don't know what the VB string handling functions are but something
similar to C's fgets() is what I would want. There should be no chance
to write outside the memory reserved for data even if the size data
supplied is misleading, negative or in any way strange.
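
A bounded decoder for a length-prefixed string, added here as an illustration of the last two paragraphs; it is not code from this message or thread. It assumes the format meant is Bernstein's netstring encoding (`<decimal length>:<bytes>,`), which the message does not name, and the function and status names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status names are hypothetical, chosen for this example. */
enum ns_status { NS_OK, NS_BAD_FORMAT, NS_TOO_LONG, NS_TRUNCATED };

/* Decode one "<len>:<payload>," record from in[0..in_len) into out.
 * out gets the payload plus a NUL; nothing is written until every check passes. */
enum ns_status ns_decode(const unsigned char *in, size_t in_len,
                         char *out, size_t out_cap, size_t *payload_len)
{
    size_t i = 0, len = 0;

    if (!in || !out || !payload_len || out_cap == 0)
        return NS_BAD_FORMAT;
    if (in_len == 0)
        return NS_TRUNCATED;
    /* Digits only: a sign such as "-5" can never be parsed as a size. */
    if (in[0] < '0' || in[0] > '9')
        return NS_BAD_FORMAT;
    /* No leading zeros, so each length has exactly one spelling. */
    if (in[0] == '0' && in_len > 1 && in[1] >= '0' && in[1] <= '9')
        return NS_BAD_FORMAT;
    for (; i < in_len && in[i] >= '0' && in[i] <= '9'; i++) {
        if (len > (SIZE_MAX - 9) / 10)          /* would overflow size_t */
            return NS_TOO_LONG;
        len = len * 10 + (size_t)(in[i] - '0');
        if (len > out_cap - 1)                  /* claimed size exceeds buffer */
            return NS_TOO_LONG;
    }
    if (i == in_len)
        return NS_TRUNCATED;
    if (in[i++] != ':')
        return NS_BAD_FORMAT;
    /* The claimed length must be covered by bytes actually received. */
    if (in_len - i < len + 1)
        return NS_TRUNCATED;
    if (in[i + len] != ',')
        return NS_BAD_FORMAT;
    memcpy(out, in + i, len);
    out[len] = '\0';
    *payload_len = len;
    return NS_OK;
}
```

The caller passes the number of bytes actually received as `in_len`, so the size claimed inside the data is only ever compared against that count and the buffer capacity, never trusted on its own.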