Sunday, April 29, 2012

Quick Project #2: Ruby Methods for Protecting Against Timing Attacks

Breaking with my usual style, Quick Project #2 doesn't necessarily relate to music programming.

Today I came across a nice little article and demo on r/compsci about timing attacks.

Timing attacks are something that I had learned about a few years ago but for whatever reason had dropped from the forefront of my engineering consciousness. In order to bash myself over the head with it (and provide a universal solution), I created Ruby wrapper methods for Object#send and block evaluation that are padded with a fixed timing delay.

Here 'tis, including some basic String comparison examples at the bottom:

https://gist.github.com/2554841

To use it, just pass in a "safe" duration (in seconds) that likely exceeds any possible amount of time it could take to evaluate the code. In the following example I use the greatly exaggerated value of 0.75 seconds. In the wild, you'll most likely be working with smaller durations.

  is_match = ExpressionTimer.block(0.75) { "password attempt!" == "my password!" }

When the example is run, no matter how quickly the block actually evaluates, it will always take exactly 3/4 of a second to return. As a result, the actual timing information is lost in the ether and cannot be gleaned by any outside observer.
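The following is an added example, not the gist's code: a minimal re-implementation of the padded-evaluation idea described above, written so the padding can be checked rather than assumed. The module name ExpressionTimer and the block/send method names are assumptions that mirror the usage shown in the post; padded_timing is a hypothetical helper added here for measurement. It also exercises the one case the padding cannot cover: a block that runs longer than the budget, where the real timing leaks straight through.

```ruby
# Added example (not from the post's gist). Module and method names are
# assumptions chosen to match the usage `ExpressionTimer.block(0.75) { ... }`.
module ExpressionTimer
  # Monotonic clock: immune to wall-clock adjustments during the measurement.
  def self.now
    Process.clock_gettime(Process::CLOCK_MONOTONIC)
  end

  # Evaluate the block, then sleep until `duration` seconds have passed since
  # the call began, so the total time is (ideally) independent of how long
  # the block itself took. Returns the block's value, as in the post.
  def self.block(duration)
    start = now
    value = yield
    remaining = duration - (now - start)
    # If the block overran the budget there is nothing left to pad: the
    # caller's timing is exposed. Choose `duration` with headroom.
    sleep(remaining) if remaining.positive?
    value
  end

  # Same idea applied to a method call instead of a block.
  def self.send(duration, receiver, method_name, *args)
    block(duration) { receiver.public_send(method_name, *args) }
  end
end

# Hypothetical check helper (added here): run a padded block and return both
# its value and the wall-clock seconds the whole call took.
def padded_timing(duration, &blk)
  start = ExpressionTimer.now
  value = ExpressionTimer.block(duration, &blk)
  [value, ExpressionTimer.now - start]
end

if $PROGRAM_NAME == __FILE__
  budget = 0.05 # constructed: small so the demo runs quickly
  # Mismatch on the first character vs. a full-length match: with padding,
  # both calls should take at least `budget` seconds.
  fast, t_fast = padded_timing(budget) { "password attempt!" == "my password!" }
  slow, t_slow = padded_timing(budget) { "my password!" == "my password!" }
  printf("mismatch=%s %.4fs  match=%s %.4fs\n", fast, t_fast, slow, t_slow)
  # Overrun: the block needs longer than the budget, so the padding is moot.
  _, t_over = padded_timing(0.01) { sleep(0.03); :slow }
  printf("overrun: budget 0.01s, actual %.4fs (timing leaks)\n", t_over)
end
```

The usage note worth keeping in mind: padding only equalises timings while every evaluation finishes inside the budget, and an observer can still see the padded duration itself, so the budget should be generous but not so large that it becomes a denial-of-service lever. For the specific case of comparing secrets, a constant-time comparison such as Rack::Utils.secure_compare avoids the sleep entirely.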

Wednesday, April 25, 2012

Quick Project #1: Extract Audio Samples From Online Video

As I get ready to move once again (this time to the Ridgewood/Bushwick border) there's not a whole lotta time for personal projects. Yesterday I decided that I would find a quick one and do it no matter how useless it was.

Turned out, I came up with something that's going to be pretty useful (for me). Last week, a coworker pointed me to marcel's awesome Ruby giftube script which extracts animated gifs from online videos. I've been looking to incorporate more audio samples in my music for quite some time, so I forked his script and changed it to extract audio samples instead of gifs, complete with mp3 conversion.

Here's the result:

https://gist.github.com/2473383