cryptofuzz
crates.io
Our great sponsors
cryptofuzz | crates.io | |
---|---|---|
6 | 661 | |
655 | 2,796 | |
- | 2.1% | |
9.0 | 10.0 | |
18 days ago | 4 days ago | |
C++ | Rust | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cryptofuzz
-
Java ECDSA trivial signature bypass
There is also the cryptofuzz
- What are some real-world security issues in cryptography?
-
The biggest source of vulnerabilities in cryptographic libraries is memory safety bugs, not cryptography bugs
2) There's a popular fuzzing technique, called "differential fuzzing" that works especially well for cryptographic libraries. The idea is to have the fuzzer look for both memory safety issues (like buffer overflows, even if they're too small to cause a crash AddressSaniziter can detect) and actual logic bugs in the cryptography implementation (e.g. the output of one implementation not matching the output of another, given the same state/inputs).
-
You Shouldn't Roll Your Own Crypto: An Empirical Study
I understand that they base their research on CVE data because it offers normalized quantifiers of severity and scope, but in my experience vendors by and large don't bother with CVE's for API bugs even when the affected primitive is clearly malfunctioning (memory or correctness issues).
I've been deeply fuzzing cryptographic libraries for a few years and found about 130 bugs [1]. The vast majority of these did not receive a CVE. Now some of these are merely theoretical, others will only manifest under particular circumstances like specific calling sequences, others were caught in the development phase before landing in stable releases, but a number of them are outright vulnerabilities. The usefulness of CVE incidence is questionable when it is so strongly influenced by the vendor's propensity for reporting these.
[1] https://github.com/guidovranken/cryptofuzz#bugs-found-by-cry...
-
What Is Fuzz Testing?
[1]: https://guidovranken.com/2019/05/14/differential-fuzzing-of-...
-
Cyber Security; Beginner Roadmap
I don't have any certs (apart from malformed X509 files..) so I can't speak of their effectiveness. What has worked for me is having a strong presence in open source. I just show people one of my projects like [1] and nobody asks about certs or education, ever. I spend most of my free time on these projects so cultivating a sizeable project might not be a suitable route for anyone who has a life outside of computers, though having some kind of publicly available utility where a prospective employer can check out your coding style and skills is probably a decent way to stand out amidst a sea of applicants.
[1] https://github.com/guidovranken/cryptofuzz
crates.io
-
Rust Keyword Extraction: Creating the YAKE! algorithm from scratch
All the code discussed in this article can be accessed through this repository. For integration with existing projects consider using keyword_extraction crate available on crates.io.
-
Migrating a JavaScript frontend to Leptos, a Rust framework
So, be sure to double-check your critical libraries and be sure their alternatives exist in the Rust ecosystem. Thereβs a good chance the crates you need are available in Rust's crates.io repository.
-
Learning Rust: A clean start
The previous section was very simple, this section is also very simple but introduces us to cargo which is Rust's package manager, as a JS dev my mind goes straight to NPM.
-
#2 Rust - Cargo Package Manager
Now, there has to be a place where all these packages come from. Similar to npmjs registry, where all node packages are registered, stored and retrieved, Rust also has something called crates.io where many helpful packages and dependencies are registered.
-
Rust π¦ Installation + Hello World
Before proceeding, let's check https://crates.io/, the official Rust package registry.
-
Underestimating rust for my Project.
The most thrilling aspect has been the joy of writing the backend. It's like every struct, enum, and method in Rust forms this interconnected Multiverse of code , which you can see in crates.io which is best Documentation experience I Ever Had.
-
Top 10 Rusty Repositories for you to start your Open Source Journey
5. Crates.io
-
Project Structure Clarification Coming From Python - With Example
When using crates from eg. crates.io, and also things like std and core
-
Cargo has never frustrated me like npm or pip has. Does Cargo ever get frustrating? Does anyone ever find themselves in dependency hell?
Vendoring your packages was very tedious to even remotely get to work with Cargo. I spent a very long time getting Cargo to work together with cargo-local-registry. We vendor crates from crates.io and a custom internal registry.
-
How did I need to know about feature rwh_05 for winit?
So this is my question: Which way was the right to find it out? There is no info about this feature on crates.io. I also have no clue what exactly it does and why it is named rwh_05.
What are some alternatives?
beacon-fuzz - Differential Fuzzer for Ethereum 2.0
docs.rs - crates.io documentation generator
onefuzz - A self-hosted Fuzzing-As-A-Service platform
plotters - A rust drawing library for high quality data plotting for both WASM and native, statically and realtimely π¦ ππ
doubleback - Doubleback provides round-trip parsing and printing of 64-bit double-precision floating-point numbers using the Ryu algorithm implemented in multiple programming languages. Doubleback is biased towards "human-friendly" output which round-trips consistently between binary and decimal.
Cargo - The Rust package manager
writeups - CTF writeups from The Flat Network Society
trunk - Build, bundle & ship your Rust WASM application to the web.
Sloth - Sloth π¦₯ is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation
gtk4-rs - Rust bindings of GTK 4
radamsa
Rocket - A web framework for Rust.