Dmitry Chestnykh dchest

dchest / gist:5175956
Last active December 15, 2015 00:49
How to configure Mailman to avoid its "password" madness.

Stop letting Mailman subscribers choose their own password -- it's stored insecurely and sent to them by email in clear text. Even though Mailman displays the message "Do not use a valuable password as it will occasionally be emailed back to you in cleartext", nobody reads messages.

Treat these "not valuable" passwords as tokens that are good to have but not required to be 100% secure: generate them automatically and include them in the links.
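The token scheme the description calls for, as an added example written for this page (it is not Mailman code and not part of the gist): the token comes from the OS CSPRNG, only its SHA-256 is stored so a leaked subscriber database does not yield working links, the token itself travels in the link, and verification compares in constant time. The base URL and the query parameter names are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Assumed (hypothetical) options page of the list; not a real Mailman URL.
BASE_URL = "https://lists.example.org/mailman/options/announce"


def new_token(nbytes: int = 16) -> str:
    """Return a URL-safe token with 128 bits of entropy from the OS CSPRNG."""
    return secrets.token_urlsafe(nbytes)


def token_digest(token: str) -> str:
    """What the server stores: a SHA-256 of the token, never the token itself,
    so a database leak does not hand out working links."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def options_link(address: str, token: str) -> str:
    """Build the personalised link that is mailed to the subscriber."""
    return BASE_URL + "?" + urlencode({"email": address, "token": token})


def verify(presented: str, stored_digest: str) -> bool:
    """Compare the digest of the presented token in constant time."""
    return hmac.compare_digest(token_digest(presented), stored_digest)


def issue(address: str):
    """Issue a fresh token for a subscriber: returns (digest to store, link to mail)."""
    token = new_token()
    return token_digest(token), options_link(address, token)


if __name__ == "__main__":
    digest, link = issue("alice@example.org")  # constructed sample address
    print("store:", digest)
    print("mail: ", link)
```

The token in the link is the only secret; rotating it is just a new call to issue(), and a leaked copy of the stored digests gives an attacker nothing to paste into a URL.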

dchest / fileurldec.go
Created February 16, 2013 16:58
Renames URL-encoded filenames like %FU%CK%IN%G0 to normal text.
package main
import (
"flag"
"fmt"
"net/url"
"os"
"path/filepath"
)
dchest / gist:4953638
Created February 14, 2013 15:45
reversing vPass2
encrypt = function(data, length) {
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789$%,()*-./;:<=>?[\]^_{|}~".split("");
var chars_length = chars.length;
var data_length = data.length;
// Data is required
if(data == "") {
return "";
}
Comparison to rc4_amd64.s on Core 2 Duo
benchmark old ns/op new ns/op delta
BenchmarkRC4_128 820 604 -26.34%
BenchmarkRC4_1K 6420 4444 -30.78%
BenchmarkRC4_8K 50373 35335 -29.85%
benchmark old MB/s new MB/s speedup
BenchmarkRC4_128 156.00 211.80 1.36x
BenchmarkRC4_1K 159.49 230.40 1.44x
dchest / rc4_asm.go
Last active December 12, 2015 03:58
Core 2 Duo
benchmark old ns/op new ns/op delta
BenchmarkRC4_128 817 614 -24.85%
BenchmarkRC4_1K 6406 4967 -22.46%
BenchmarkRC4_8K 50450 38976 -22.74%
benchmark old MB/s new MB/s speedup
BenchmarkRC4_128 156.59 208.35 1.33x
BenchmarkRC4_1K 159.83 206.16 1.29x
/*
IMPORTANT!!! DO NOT USE THIS. It works, but you'll probably get it wrong,
because it must be keyed with at least 128 bits of entropy, and where
do you get this entropy, huh?
- In a browser, you get it from window.crypto.getRandomValues().
- In Node, you get it from crypto.randomBytes()
Now LOOK AT YOU! You already have secure ways to generate random bytes,
dchest / plistgen.py
Created January 6, 2013 17:08
.plist-of-death generator
# .plist-of-death generator
import base64
import os
# Adjust this to your taste:
NKEYS = 30000
def colliding_string():
    # 32 + 14 + 82 = 128 characters; only the 14 in the middle vary between keys.
    # .decode() is needed on Python 3, where b64encode returns bytes, not str.
    return "a"*32 + base64.b64encode(os.urandom(10)).decode("ascii")[:14] + "a"*82
dchest / gist:4467707
Last active December 10, 2015 17:28
Cocoa HashDoS
#import <Foundation/Foundation.h>
NSString *collidingString() {
char rs[15];
for (int i = 0; i < 14; i++)
rs[i] = arc4random_uniform('Z'-'A') + 'A';
rs[14] = 0;
return [NSString stringWithFormat:@"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%saaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa________________aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
rs];
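Why the two generators above (plistgen.py and the Cocoa one) work, as an added example written for this page rather than code from either gist: a string hash that samples only part of a long string lets an attacker mint unlimited keys that agree on the sampled positions, so every key lands in one bucket and inserts go quadratic. The toy table below uses a stand-in hash that looks at the first and last 32 characters (an assumption about the shape of the weakness, not CFString's actual algorithm) next to a keyed BLAKE2b hash with a per-process random key, which is the standard fix. Python's own dict has used a randomised hash since 3.3, hence the hand-rolled table.

```python
import hashlib
import secrets


def colliding_keys(n, prefix=32, middle=14, suffix=82):
    """Constructed keys in the shape the gists use: filler, a short varying
    middle, more filler. Only the middle differs between keys."""
    alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    keys = set()
    while len(keys) < n:
        mid = "".join(secrets.choice(alphabet) for _ in range(middle))
        keys.add("a" * prefix + mid + "a" * suffix)
    return sorted(keys)


def sampled_hash(s: str) -> int:
    """Toy hash that, for strings longer than 64 chars, hashes only the first
    and last 32 characters. Strings differing only in between collide."""
    sample = s if len(s) <= 64 else s[:32] + s[-32:]
    h = 0
    for ch in sample:
        h = (h * 257 + ord(ch)) & 0xFFFFFFFF
    return h


class KeyedHash:
    """Keyed hash with a per-process random key, so collisions cannot be
    precomputed by an attacker who does not know the key."""

    def __init__(self, key=None):
        self.key = key if key is not None else secrets.token_bytes(16)

    def __call__(self, s: str) -> int:
        d = hashlib.blake2b(s.encode(), key=self.key, digest_size=8).digest()
        return int.from_bytes(d, "little")


class ChainedTable:
    """Minimal separate-chaining hash table that counts key comparisons."""

    def __init__(self, hashfn, nbuckets=1024):
        self.hashfn = hashfn
        self.buckets = [[] for _ in range(nbuckets)]
        self.probes = 0  # key comparisons performed during inserts

    def insert(self, key, value):
        bucket = self.buckets[self.hashfn(key) % len(self.buckets)]
        for i, (k, _) in enumerate(bucket):
            self.probes += 1
            if k == key:
                bucket[i] = (key, value)
                return
        bucket.append((key, value))

    def longest_chain(self):
        return max(len(b) for b in self.buckets)


def compare(n=1000):
    """Insert n colliding keys into a table with each hash; report the damage."""
    keys = colliding_keys(n)
    weak, strong = ChainedTable(sampled_hash), ChainedTable(KeyedHash())
    for k in keys:
        weak.insert(k, None)
        strong.insert(k, None)
    return {
        "weak_longest_chain": weak.longest_chain(),
        "weak_probes": weak.probes,
        "keyed_longest_chain": strong.longest_chain(),
        "keyed_probes": strong.probes,
    }


if __name__ == "__main__":
    print(compare())
```

With the sampled hash every one of the n keys shares a bucket and the inserts cost n(n-1)/2 comparisons; with the keyed hash the same keys spread evenly and the cost stays linear. Scaling n up to the 30000 keys plistgen.py emits turns that difference into the parser stall the gists demonstrate.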
<!doctype html>
<html>
<script>
var Crypto;
(function (Crypto) {
var SHA256 = (function () {
function SHA256() {
this.blockLength = 64;
this.digestLength = 32;
dchest / gist:4133602
Created November 23, 2012 01:28
Comma is faster than semicolon in Safari / JavaScriptCore
// ** Update:
// ** THIS ONLY AFFECTS CODE PASTED INTO WEB INSPECTOR CONSOLE
// ** ACTUAL LOADED CODE ON WEB PAGE RUNS ALMOST THE SAME WITH COMMAS OR SEMICOLONS.
// **
// Safari Version 6.0.2 (8536.26.17)
// Output:
//
// comma: 193 ms
// semicolon: 575 ms