Re: Data Encryption

Date: 09/07/02

To: secprog@securityfocus.COM
Date: Fri,  6 Sep 2002 23:14:56 +0100 (BST)

Bryan Ponnwitz wrote:

> I'm only looking to evaluate the method I've developed.

There have been other replies I need not duplicate.

> The protocol is setup so that the first four bytes of any transfer are
> signaling data. Packets can be more than 4 bytes depending on what is
> in the signaling data, but 4 bytes is the minimum; for instance:
> EC 03 00 00 is the data you would send to the server to login. After

There's a reason why lots of common protocols use text strings such
as USER and PASS - they are easy to remember and test with readily-
available tools. Simplicity and testability are good. It's also
common for servers to respond with numbers prefixing their text responses:
2xx for success, and so on. See rfc977 or several others.

If you're passing strings around with lengths then there's a format
documented by Bernstein you might consider.

I don't know what the VB string handling functions are but something
similar to C's fgets() is what I would want. There should be no chance
to write outside the memory reserved for data even if the size data
supplied is misleading, negative or in any way strange.

Relevant Pages

  • Re: Need some IPC pointers
    ... non-local processes would be nice ... ... I'm thinking sockets, ... If your strings will never contain a pipe ... try to keep your protocol to ASCII text. ...
  • Re: Recursive list comprehension
    ... > equivalent to iterfor strings. ... However you can call iteron a str ... The magic is the old-style iteration protocol (also called the 'sequence ... If it does not support either of those protocols, ...
  • Re: TCP/IP Sockets with GNAT.Sockets
    ... Create_Socket(Socket); ... the ada client sends a 5 character long string and waits for a 5 character long string, but the server sends a 5 character long string... ... all the problem encountered when using streams with sockets are protocol problems: people sends some data on the socket and expect something else at the other end. ... when trying to sends strings over the network, you have to take into account that no 2 languages uses the same representation for strings: C strings are null-terminated, Ada strings are arrays of character with a lower and an upper bound, pascal strings are array of chars with only an upper bound... ...
  • Re: string: __iter__()?
    ... Just for curiosity i'd like to know why strings don't support the ... Is there some deeper reason for this? ... Since strings obey the sequence protocol there ...