Sunday, 11 November 2018

Post IETF103 Hackathon project work.


I finally completed my second open-source project on a sunday afternoon healing from the long hike I had the day before with my team at Linkbynet. A hike of 7km across the south coast of Mauritius.


One week has already passed by and I was still working on the putty project for the IETF103 which was deprecating RC4 from the source code.

At first we had difficulty to compile the source code but later on we found another tarball for the source code with which we successfully compiled the code.

I setup a vm with centos 7 on it with on old version of openssh-server (6.2) which had support for the rc4 encryption. Then i used the compiled version of putty and try to connect to the server, analyzing the communication with wireshark in the background. With some trials I found the rc4 encryption in the encryption exchange list.

After that success, I spent another night removing all traces of rc4 in the source code. It was with a lot of investigations and debugging that I removed rc4 from the source code.

Now the next step was to re-compile the code and see if the application still works and if rc4 has disappeared. But as always compiling code is not an easy job. I ran through some bugs which led to several failed attempts. However with some observation and debugging I solved the issue and it finally compiled without any errors.

To finally say "eureka" some testing has to be done to see if rc4 does not appear while trying to connect to the server.





As we can see from the pictures, the result was satisfying. No more rc4 in the source code of putty and it is now safer to use. Here is the link to my github.

See you on my next project.

Sunday, 4 November 2018

IETF 103 hackathon remotely by cyberstorm.mu – Day 1,2,3


Day 1:

We received a lot of goodies from wolfssl for the work Loky has done previously.

We continued our work on the Jsch deprecation of RC4, we have to compile the JSch.jar with example file to test if the SSH works while connecting to a remote server.

The best way to start working is to make a brainstorming to see where we are and what we have to do.


Together, several test were performed connecting to two type of server, one supporting RC4 and the other not.

We found proof of the existence of RC4 in the old ssh server while using Wireshark and analyzing the traffic.

Once we know everything is working fine and understand the library and the protocols.

Now our task is to remove RC4 support from the library. With a lot of debugging we found all the traces of RC4 and removed.

Day2:

The next step is to re-compile the code with all the modification we made. As all developers knows while recompilation always leads to errors. But with some help of other team members we finally re-compiled the java library with ANT Apache.

The next step is to perform all the test we had done previously before we patched it.

The results was satisfactory as our newly Jsch library still working fine and while observing the traffic in wireshark we can no more see RC4 response from the host server.


The last step is to create a pull request and commit our changes to the main repository.

To sums up, it was an intensive and fruitful hackathon.

Great thanks to Logan and Nitin for having me in the team.


 

See you in my next blog.

Saturday, 3 November 2018

IETF103

Hackathon with cyberstorm.mu

IETF - Internet Engineering Task Force
 The Internet Engineering Task Force is an open standards organization, which develops and promotes voluntary Internet standards, in particular, the standards that comprise the Internet protocol suite. It has no formal membership or membership requirements.

Day 0 :

The Day started early in the morning preparing myself to go to the meetup point at Q.Bornes with my friend Rahul. After that, we headed toward the north to wait for another pickup at Grand Baie La Croisette by Nitin. Unfortunately, we spent 5hr at the mall, playing PlayStation and eating pizza. Finally, we reached the flat at 4 pm.

Being a first-timer for this event, I was not fully prepared and still did not know if I will be able to work on a level they are expecting.  So I braced myself and took the challenge I was given. I had to work the project ( depreciating RC4/ARCFOUR encryption algorithm in JSch library which is a pure Java SSH2 implementation (more detail on Jscraft).

Why we have to removing the ARCFOUR cipher in the Java SSH2 implementation:
  The usage of RC4 suites ( also designated as arcfour ) for SSH are specifies the allocation of the "arcfour" cipher for SSH. RC4 encryption is steadily weakening in cryptographic strength and the deprecation process should be begun for their use in Secure Shell (SSH).

Loky and I  start working together, we have to perform several tests to see the encryption algorithms available with the Jsch Java library. A lot of time spent debugging until late at night.

We had awesome food to fill our bellies. The night passed by.

Some had a blast in the pool:


Project and members:

TLS 1.3 protocol
Loganaden Velvindron
Rahul Golam
Codarren Velvindron
Nathan Sunil Mangar
Jeremie Daniel

HTTP 451 protocol
Kheshav Sewnundun
Kifah Meeran
Veegish Ramdanee

SSH protocol
Nitin J Mutkawoa
Diresh Soomirtee
Jagveer Loky


IETF104 - Day [ 0 - 2 ] TLS1.3

Day - 0: This is my second hackathon with cyberstorm.mu  and we were already at the location where the team had gather, have intens...