Generating a Crypto Random String in Dart

31 March 2019 Dart
.NET Core

To help a 10% project at work, the Rock Solid Knowledge IdentityServer team has been creating a basic OpenID Connect library for a Flutter application. After poking around in Dart over the weekend, I found that Dart did not have a straightforward way to create a cryptographically random string suitable for OAuth/OpenID Connect values such as state, nonce, or PKCE’s code challenge. So, in this article, I’m going to share a straightforward way to generate one.

Dart’s Random Number Generator

Luckily, Dart does have a cryptographically secure random number generator that we can use, found in the dart:math library.

Read more

Solving the Cryptopals Crypto Challenges in C#

11 February 2019 Cryptopals

I’ve recently started the cryptopals crypto challenges, and, frankly, even the basics are kicking my ass. However, I seem to be enjoying them, and I’m finally starting to understand some of the Computer Science topics I really should have listened to at University. If you are like me and prefer learning by getting your hands dirty and hacking some code together, then I highly recommend working through some of these challenges.

If you have not heard about cryptopals before, then I'll leave it to the creators to explain:

“We've built a collection of 48 exercises that demonstrate attacks on real-world crypto.

This is a different way to learn about crypto than taking a class or reading a book. We give you problems to solve. They're derived from weaknesses in real-world systems and modern cryptographic constructions. We give you enough info to learn about the underlying crypto concepts yourself. When you're finished, you'll not only have learned a good deal about how cryptosystems are built, but you'll also understand how they're attacked.”

The cryptopals crypto challenges
Read more

Challenge 1: Base64 Encoding

11 February 2019 Cryptopals

We’ve all used Convert.ToBase64String() but what is it actually happening under the covers? Sure, it’s taking a value and representing it using only characters from a range of 64 characters, but how exactly does it do that? Up until now, I probably couldn’t have told you.

My favorite example for understanding how Base64 encoding works is actually from Wikipedia...

Read more

Challenges 2-6: Caesar and Vigenère Ciphers

11 February 2019 Cryptopals

The next few challenges cover implementing and then breaking the Caesar and Vigenère ciphers. These ciphers usually serve as the introduction to most cryptography books, as a history lesson of what we used to use and how easy they are to break. However, with cryptopals, we take this academic knowledge and turn it into practice.

Peter Paul Rubens - Julius Caesar
Peter Paul Rubens Julius Caesar. Photo taken by Ralf Roletschek
Read more

Ktor using OAuth 2.0 and IdentityServer4

01 February 2019 Kotlin

This article will show you how to configure a Kotlin Ktor application to get access tokens from IdentityServer4 using OAuth 2.0. These tokens can then be used to access an API on behalf of a user. We’ll be using JWTs as our access tokens. To find out how to authorize access to a Ktor API using JWTs, check out my past article “JSON Web Token Verification in Ktor using Kotlin and Java-JWT”.

Kotlin logo
Ktor logo
IdentityServer logo

Ktor OAuth Support

Currently, Ktor only supports OAuth which means our Ktor application can receive access tokens to talk to an API on behalf of the user, but it cannot find out who the user is. If we wanted to find out who the user is and to receive identity tokens, we would need OpenID Connect, which is currently unsupported...

Read more