nostandard / cyphers
Pure Rust implementation of classical ciphers (for fun and learning!)
License: Apache License 2.0
To mitigate these two attack vectors, we might consider adding more robust input validation (such as checking whether a is co-prime with 26) and possibly considering ways to make the encryption and decryption times more consistent to prevent timing attacks.
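The coprimality check suggested above, sketched for an affine cipher E(x) = (a*x + b) mod 26. This is an added example, not code from the cyphers repository; it assumes the issue concerns an affine cipher, and `AffineKey`, `AffineError` and their methods are hypothetical names.

```rust
// Added example; AffineKey and AffineError are hypothetical names, not the cyphers crate's API.
#[derive(Debug, PartialEq)]
pub enum AffineError {
    NotCoprime(u8),      // gcd(a, 26) != 1: the mapping is not a bijection
    NonAlphabetic(char), // reported to the caller instead of being dropped or defaulted
}

#[derive(Debug, PartialEq)]
pub struct AffineKey { a: u8, b: u8, a_inv: u8 }

fn gcd(a: u8, b: u8) -> u8 { if b == 0 { a } else { gcd(b, a % b) } }

impl AffineKey {
    /// Validate the key up front so an undecryptable key never reaches encrypt().
    pub fn new(a: u8, b: u8) -> Result<Self, AffineError> {
        if gcd(a, 26) != 1 {
            return Err(AffineError::NotCoprime(a));
        }
        let a = a % 26;
        // The inverse exists because gcd(a, 26) == 1; 25 candidates, so brute force is fine.
        let a_inv = (1..26u8)
            .find(|&i| (a as u16 * i as u16) % 26 == 1)
            .expect("inverse exists for a coprime with 26");
        Ok(Self { a, b: b % 26, a_inv })
    }

    // Apply f to every letter index (0..26); mixed case is folded to upper case.
    fn map(&self, text: &str, f: impl Fn(u16) -> u16) -> Result<String, AffineError> {
        text.chars().map(|c| {
            if !c.is_ascii_alphabetic() {
                return Err(AffineError::NonAlphabetic(c));
            }
            let x = (c.to_ascii_uppercase() as u8 - b'A') as u16;
            Ok((b'A' + (f(x) % 26) as u8) as char)
        }).collect()
    }

    pub fn encrypt(&self, pt: &str) -> Result<String, AffineError> {
        self.map(pt, |x| self.a as u16 * x + self.b as u16) // E(x) = a*x + b mod 26
    }

    pub fn decrypt(&self, ct: &str) -> Result<String, AffineError> {
        self.map(ct, |y| self.a_inv as u16 * (y + 26 - self.b as u16)) // D(y) = a^-1 * (y - b)
    }
}

fn main() {
    let key = AffineKey::new(5, 8).unwrap();
    println!("{:?}", key.encrypt("AFFINECIPHER"));
    println!("{:?}", AffineKey::new(13, 8));
}
```

The sketch covers key and input validation only; it does not address the timing concern.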
prepare_string function is not called within the encrypt and decrypt functions. As such, these functions will not handle non-alphabetic characters and mixed case inputs correctly. This could potentially be used to introduce invalid characters into the encrypted text or to cause errors in decryption.
unwrap_or_default() and unwrap_or() could potentially mask errors that occur during encryption and decryption, making the implementation less robust against malformed inputs or other unexpected conditions.
extend_key function simply repeats the key to match the length of the plaintext, a short key might make the cipher more susceptible to attacks as it effectively reduces the cipher to a set of repeated Caesar ciphers.
To make the implementation more secure and robust, we must introduce additional input validation, custom error handling, and possibly rate-limiting to prevent abuse. We must also explore ways to make the key generation more secure and to prevent potential timing attacks.
The current implementation is quite solid and doesn't seem to have any particular vulnerabilities intrinsic to the algorithm or code. However, one could consider potential attacks not on the cipher logic itself, but on how the program interacts with its environment or handles input. Here are some considerations:
Input Validation: The clean_input helper function only considers alphabets and spaces as valid inputs, discarding others. This means messages containing numbers or special characters can't be encrypted or decrypted correctly, which might be used as an attack vector to feed malicious inputs.
Error Handling: The implementation uses Option to handle errors, returning None when encountering an error. More detailed error handling is desired.
Unicode Support: The implementation currently does not handle Unicode characters well, which might be exploited in various ways, including bypassing input validation or creating unexpected outputs.
rand::rngs::OsRng random number generator used for key generation, these could potentially be exploited to predict keys.
unsafe block in the testing section (String::from_utf8_unchecked) could potentially lead to undefined behaviour if misused. While it seems safe in our current test setup, in a larger codebase or with modifications, it might introduce vulnerabilities.
Add example usage for all encrypt and decrypt functions.