Cryptography Assignment
Cryptography Assignment
ChatGPT said:
Here’s a basic implementation of a Digital Signature Scheme using RSA in Python. It involves:
Install Dependencies
bash
CopyEdit
# Sign a Message
def sign_message(private_key, message):
signature = private_key.sign(
message.encode(),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return signature
# Verify a Signature
def verify_signature(public_key, message, signature):
try:
public_key.verify(
signature,
message.encode(),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return True
except Exception:
return False
Explanation:
ChatGPT said:
Both Buffer Overflow and Format String vulnerabilities are common security issues that arise
due to improper memory management and unsafe handling of user input.
1. Buffer Overflow
A buffer overflow occurs when a program writes more data into a buffer (fixed-size memory
space) than it can hold, causing memory corruption. This can lead to crashes, arbitrary code
execution, or privilege escalation.
#include <stdio.h>
#include <string.h>
int main() {
char input[100];
printf("Enter something: ");
gets(input); // Unsafe function
vulnerable_function(input);
return 0;
}
The function strcpy() does not check the length of user_input, leading to buffer overflow
if input exceeds 10 characters.
If an attacker provides a longer input, it can overwrite adjacent memory, possibly
hijacking program execution (e.g., modifying return addresses).
An attacker could inject a payload (like shellcode) to take control of execution. Modern systems
use protections like DEP, ASLR, and Stack Canaries, but bypass techniques exist.
A format string vulnerability occurs when a program incorrectly uses user-supplied input as a
format string in functions like printf(). This can lead to memory leaks or arbitrary memory
writes.
#include <stdio.h>
int main() {
char input[100];
printf("Enter something: ");
gets(input);
vulnerable_function(input);
return 0;
}
Memory Leak: %x or %s can dump memory addresses (useful for ASLR bypass).
Arbitrary Memory Write: %n can modify memory, potentially altering control flow.
How to Prevent These Vulnerabilities?