Cryptanalysis and attack framework
Project description
# samson
### **DO NOT USE SAMSON'S CRYPTOGRAPHIC PRIMITIVES TO SECURE THINGS**
samson is a cryptanalysis and attack framework. The intent is to provide a way to quickly prototype and execute cryptographic and side-channel attacks. samson was born from frustration with existing libraries artificially limiting user control over cryptographic primitives.
Many of the biggest cryptographic attacks have been implemented including:
* CBC Padding Oracle
* PKCS#1v1.5 Padding Oracle
* CRIME/BREACH
* DSA/ECDSA key reuse
* Stream cipher nonce reuse
* Merkle-Damgard Length Extension
* PRNG cracking
samson's key focuses are:
* _Flexibility_: Allow the user to freely manipulate internal state
* _Uniformity_: Present the user with a uniform interface
* _Convenience_: Minimize time spent not directly solving a problem
* _Real world applicability_: Build attacks to work generically and include interfaces to common standards
## Example Use Cases
* Auditing infrastructure
* Modelling existing systems
* Solving/creating CTFs
## Testing Environment
* **Runtime**: Python 3.6.7
* **Architecture**: Linux 4.18.17-200.fc28.x86_64 #1 SMP Mon Nov 5 18:04:28 UTC 2018 GNU/Linux
* **OS**: Fedora Security Lab (Fedora release 28)
## Installation
### RHEL derivatives
```bash
sudo dnf -y install python3-devel gmp-devel redhat-rpm-config
pip3 install samson-crypto
```
## Performance
Samson's primitives aren't the fastest nor were they meant to be. If you're concerned about performance, you have a couple of options:
* Use primitives from a faster library (e.g. pycrypto)
* Use PyPy instead of CPython
Since samson mostly calls Python, PyPy offers large speed-ups. However, `multiprocessing` doesn't work very well with PyPy. There seems to be a memory leak, and sometimes bytes are unpickled as strings. I recommend against running the RC4 prepend attack with PyPy as it uses `multiprocessing`. Additionally, the latest stable version of PyPy works with Python 3.5 while SHA3 was introduced in 3.6. samson's SHA3 will still work, but the tests will fail.
### **DO NOT USE SAMSON'S CRYPTOGRAPHIC PRIMITIVES TO SECURE THINGS**
samson is a cryptanalysis and attack framework. The intent is to provide a way to quickly prototype and execute cryptographic and side-channel attacks. samson was born from frustration with existing libraries artificially limiting user control over cryptographic primitives.
Many of the biggest cryptographic attacks have been implemented including:
* CBC Padding Oracle
* PKCS#1v1.5 Padding Oracle
* CRIME/BREACH
* DSA/ECDSA key reuse
* Stream cipher nonce reuse
* Merkle-Damgard Length Extension
* PRNG cracking
samson's key focuses are:
* _Flexibility_: Allow the user to freely manipulate internal state
* _Uniformity_: Present the user with a uniform interface
* _Convenience_: Minimize time spent not directly solving a problem
* _Real world applicability_: Build attacks to work generically and include interfaces to common standards
## Example Use Cases
* Auditing infrastructure
* Modelling existing systems
* Solving/creating CTFs
## Testing Environment
* **Runtime**: Python 3.6.7
* **Architecture**: Linux 4.18.17-200.fc28.x86_64 #1 SMP Mon Nov 5 18:04:28 UTC 2018 GNU/Linux
* **OS**: Fedora Security Lab (Fedora release 28)
## Installation
### RHEL derivatives
```bash
sudo dnf -y install python3-devel gmp-devel redhat-rpm-config
pip3 install samson-crypto
```
## Performance
Samson's primitives aren't the fastest nor were they meant to be. If you're concerned about performance, you have a couple of options:
* Use primitives from a faster library (e.g. pycrypto)
* Use PyPy instead of CPython
Since samson mostly calls Python, PyPy offers large speed-ups. However, `multiprocessing` doesn't work very well with PyPy. There seems to be a memory leak, and sometimes bytes are unpickled as strings. I recommend against running the RC4 prepend attack with PyPy as it uses `multiprocessing`. Additionally, the latest stable version of PyPy works with Python 3.5 while SHA3 was introduced in 3.6. samson's SHA3 will still work, but the tests will fail.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
samson-crypto-0.0.19.tar.gz
(280.1 kB
view hashes)