February Meeting Notes: cryptography and simple histograms

Posted on February 18, 2007 by Noah Dunker

170

For this month’s meeting, Joel and I talked about simple cryptography theory, and followed it up with discussing how a histogram can be used to help analyze and break certain types of cryptography schemes.

Histograms are just a way to graphically represent data. This can be color data from an image, or data in a text or binary file. Really, histograms are just simple bar graphs.

Read on for the rest of the details.

Without posting everything that Joel and I said in the meeting, it’d pretty difficult for me to convey exactly how histograms can be used for cryptanalysis. Simply put, the histogram shows the number of times each character appears in a file. In a simple letter-substitution scheme, it would be easy to see what letters show up most often in natural language and in the encrypted text. There’s a fairly good chance that you can start replacing letters that have similar frequency. Once you’ve accurately substituted enough letters in the encrypted text to form a few whole words or easily-guessed partial words, it becomes no more difficult to completely decrypt the message than playing a game of hangman that’s already half-solved.

Here are a few histograms I generated for large text files. This is useful for analyzing the frequency that certain characters appear in a file:

As you can see, the charts both top out at the same place. That’s a space character. Spaces are easily the most common character found in written text. All the bars to the left of the tall bar are “control characters” such as carriage returns. Directly to the right of the tall bar are symbols, numbers, upper-case and lower-case letters respectively.

Notice the whole right side of the above graphs are empty, because those are called “high ascii” characters that aren’t commonly found in written text, but are common in binary files.

This is a histogram of a file containing only random data:

And finally, a histogram of an OpenBSD binary executable file (which has a lot of nulls on the far left) throwing off the curve. Nulls are very common on executable files on almost any platform.

Finally, you can take a look at my code. It was a pretty quick hack for personal research reasons, but I decided to bring it up in the meeting today. I made sure to document most of the important logic in the code.

http://churchofpuffy.com:7080/histogram.phps

Thanks to everyone who showed up for this month’s meeting!

Detailed Guide To Arrays

Posted on February 7, 2007 by Noah Dunker

505

Today, on HowtoForge I saw an interesting series of [url=http://fastcreators.com/article/category/fast-php-tutorial-series/]fast PHP tutorials[/url]. The latest in the series is on Arrays, and it’s quite good. The whole series looks like a great read for the novice PHP programmer.

[url=http://www.howtoforge.com/php_arrays]Full article here –>[/url]

Security From The Inside

Posted on February 6, 2007 by Noah Dunker

169

This interview with Stefan Esser was recently posted on Security Focus.

[i]Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming “Month of PHP bugs” initiative, and common mistakes in the design of well-known applications such as WordPress.[/i]

[url=http://www.securityfocus.com/columnists/432][b]Full Interview via Security Focus –>[/b][/url]

Image Manipulation with PHP and GD

Posted on August 18, 2006 by Noah Dunker

This two-part article on [url=http://www.phpit.net]PHPit[/url] blipped across my [url=http://digg.com/]Digg radar[/url] today. At my last job I actually had to play with PHP/GD quite a bit. This is one of the better tutorials I’ve seen on the subject.

[url=http://www.phpit.net/article/image-manipulation-php-gd-part1/]Part 1[/url]

[url=http://www.phpit.net/article/image-manipulation-php-gd-part2/]Part 2[/url]

Check your PHP code with unit tests

Posted on August 18, 2006 by Noah Dunker

This article covers installation and use of the PHPUnit2 pear module, and discusses how to test your applications at the module, DB and interface level. This is a good read, especially for those of you who must deploy tested, solid applications.

http://www-128.ibm.com/developerworks/opensource/library/os-php-unit/

Five common PHP Database problems

Posted on August 3, 2006 by Noah Dunker

378

This article on IBM DeveloperWorks discusses five common mistakes that PHP developers make when working with databases.

I’m guilty as charged on a few of these. 😳

[url=http://www-128.ibm.com/developerworks/opensource/library/os-php-dbmistake/?ca=dgr-lnxw97Avoid5PHPerrors]http://www-128.ibm.com/developerworks/opensource/library/os-php-dbmistake/?ca=dgr-lnxw97Avoid5PHPerrors[/url]

PHP Encryption for mere mortals

Posted on July 26, 2006 by Noah Dunker

I’ve really been loving IBM DeveloperWorks lately! Here’s another great PHP tutorial!

The author provides a quick primer on information security and cryptography, then jumps right into applying it to PHP with some very useful advice on proper implementation. Several code examples and a good number of external links are also provided.

[url=http://www-128.ibm.com/developerworks/opensource/library/os-php-encrypt/?ca=dgr-lnxw97PHP-encrypt]http://www-128.ibm.com/developerworks/opensource/library/os-php-encrypt/?ca=dgr-lnxw97PHP-encrypt[/url]

PHP Designer – A nifty windows PHP IDE

Posted on July 26, 2006 by Noah Dunker

I’ve been doing some mild PHP Programming at my new job. The contractor before me left a few things installed on the computer, including this little freeware gem that I’ve never heard of.

[url=http://www.mpsoftware.dk/phpdesigner.php]http://www.mpsoftware.dk/phpdesigner.php[/url]

Of course, the reason I haven’t heard of it is because I don’t usually choose Windows as my development platform. In the corporate world, though, I don’t have much choice. PHP Designer integrates really well with many of the *AMP packages for Windows. They recommend XAMPP however I’m certain it would work equally well with WAMP or the others.

Within, it offers syntax highlighting for several languages aside from C, a built-in PHP debugger (you must have the PHP executable installed somewhere for it to use), and several other features. While I wish it offered VI-esque text editing commands, I’ll survive if it feels a little more like wordpad than vi.

I don’t have much PHP IDE Experience to compare PHP Designer to, but I’ve enjoyed working with it for the past 2 weeks. Give it a shot.

Optimizing PHP Objects

Posted on July 26, 2006 by Noah Dunker

I ran across this article on Digg yesterday when surfing from my PDA in a coffee shop on lunch. I bookmarked it but never got around to posting it yesterday. The author provides some tips and tricks for streamlining PHP Objects. Some of the tips are just good solid programming advice for PHP.

[url=http://www.whenpenguinsattack.com/2006/07/21/optimizing-object-oriented-php/]http://www.whenpenguinsattack.com/2006/07/21/optimizing-object-oriented-php/[/url]

Five things you didn’t know you could do with PHP

Posted on July 9, 2006 by Noah Dunker

Larry Ullman (writer of several PHP books and an instructor at UCB) wrote this article on interesting ways to use PHP. It covers unconventional ways to use conventional PHP features. I liked it.

[url=http://www.devsource.com/article2/0,1759,1778106,00.asp]http://www.devsource.com/article2/0,1759,1778106,00.asp[/url]