Scribd
Upload
43 views5 pages

Cryptography Assignment

The document provides a basic implementation of a Digital Signature Scheme using RSA in Python, detailing key generation, message signing, and signature verification. It also explains Buffer Overflow and Format String vulnerabilities, highlighting their causes, examples, and potential exploits, along with prevention strategies. The document emphasizes secure coding practices to mitigate these common security issues.

Uploaded by

kipchumbaian80
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
43 views5 pages

Cryptography Assignment

The document provides a basic implementation of a Digital Signature Scheme using RSA in Python, detailing key generation, message signing, and signature verification. It also explains Buffer Overflow and Format String vulnerabilities, highlighting their causes, examples, and potential exploits, along with prevention strategies. The document emphasizes secure coding practices to mitigate these common security issues.

Uploaded by

kipchumbaian80
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

1.

Implement the signature scheme - digital signature

ChatGPT said:

Here’s a basic implementation of a Digital Signature Scheme using RSA in Python. It involves:

1. Key Generation: Generate a public-private key pair.


2. Signing: Create a signature by hashing a message and encrypting it with the private key.
3. Verification: Decrypt the signature using the public key and compare it with the message
hash.

Install Dependencies

You'll need the cryptography library. Install it using:

bash
CopyEdit

pip install cryptography

from cryptography.hazmat.primitives.asymmetric import rsa, padding


from cryptography.hazmat.primitives import hashes, serialization

# Generate RSA Key Pair


def generate_keys():
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
)
public_key = private_key.public_key()
return private_key, public_key

# Sign a Message
def sign_message(private_key, message):
signature = private_key.sign(
message.encode(),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return signature
# Verify a Signature
def verify_signature(public_key, message, signature):
try:
public_key.verify(
signature,
message.encode(),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return True
except Exception:
return False

# Test the Digital Signature Scheme


if __name__ == "__main__":
private_key, public_key = generate_keys()

message = "This is a secure message."


signature = sign_message(private_key, message)

is_valid = verify_signature(public_key, message, signature)


print(f"Signature valid: {is_valid}")

Explanation:

 generate_keys() → Creates a private and public key pair.


 sign_message(private_key, message) → Signs a message using the private key.
 verify_signature(public_key, message, signature) → Verifies the signature using the
public key.
2. Understanding the buffer overflow and format string

ChatGPT said:

Buffer Overflow and Format String Vulnerabilities Explained

Both Buffer Overflow and Format String vulnerabilities are common security issues that arise
due to improper memory management and unsafe handling of user input.

1. Buffer Overflow

What is a Buffer Overflow?

A buffer overflow occurs when a program writes more data into a buffer (fixed-size memory
space) than it can hold, causing memory corruption. This can lead to crashes, arbitrary code
execution, or privilege escalation.

Example of a Buffer Overflow

Consider a vulnerable C program:

#include <stdio.h>
#include <string.h>

void vulnerable_function(char *user_input) {


char buffer[10]; // Fixed-size buffer
strcpy(buffer, user_input); // No bounds checking
printf("You entered: %s\n", buffer);
}

int main() {
char input[100];
printf("Enter something: ");
gets(input); // Unsafe function
vulnerable_function(input);
return 0;
}

Why is this vulnerable?

 The function strcpy() does not check the length of user_input, leading to buffer overflow
if input exceeds 10 characters.
 If an attacker provides a longer input, it can overwrite adjacent memory, possibly
hijacking program execution (e.g., modifying return addresses).

Exploiting Buffer Overflow

An attacker could inject a payload (like shellcode) to take control of execution. Modern systems
use protections like DEP, ASLR, and Stack Canaries, but bypass techniques exist.

2. Format String Vulnerability

What is a Format String Vulnerability?

A format string vulnerability occurs when a program incorrectly uses user-supplied input as a
format string in functions like printf(). This can lead to memory leaks or arbitrary memory
writes.

Example of a Format String Vulnerability

#include <stdio.h>

void vulnerable_function(char *user_input) {


printf(user_input); // Incorrect usage: No format specifier
printf("\n");
}

int main() {
char input[100];
printf("Enter something: ");
gets(input);
vulnerable_function(input);
return 0;
}

Why is this vulnerable?

 If the user enters Hello, it prints normally.


 But if the user enters %x %x %x %x, it prints values from the stack.
 If an attacker enters %s %s %s, it may cause a segmentation fault or leak sensitive data.

Exploiting Format String Vulnerabilities

 Memory Leak: %x or %s can dump memory addresses (useful for ASLR bypass).
 Arbitrary Memory Write: %n can modify memory, potentially altering control flow.
How to Prevent These Vulnerabilities?

✅ For Buffer Overflows:

 Use strncpy() instead of strcpy() (with proper bounds checking).


 Avoid gets(), use fgets().
 Implement Stack Canaries, DEP, and ASLR.

✅ For Format String Attacks:

 Always use explicit format strings, e.g.:

printf("%s", user_input); // SAFE

 Disable executable stacks with DEP/NX.

You might also like