cryptolens v1.4.0

@abdorrahmani abdorrahmani released this 27 Jul 08:17
· 2 commits to master since this release

🚀 CryptoLens v1.4.0 Release Notes

Highlights

  • Major new features: JWT None Algorithm Attack simulation, ChaCha20-Poly1305 AEAD, comprehensive attack simulations (ECB, nonce reuse, brute force, timing), enhanced benchmark, and improved CLI/visualization.
  • Key improvements: Key management overhaul, test coverage, modular refactor, and comprehensive documentation.

✨ Features

  • ChaCha20-Poly1305 AEAD
    • Full processor implementation with encryption/decryption, secure key/nonce management, and detailed visualization.
    • Manual key/nonce entry with strong security warnings and improved error handling.
    • Interactive tampering test with step-by-step guide and real-time feedback.
    • Enhanced documentation: key/nonce/tag details, security notes, and usage guidance.
  • Attack Simulations
    • JWT None Algorithm Attack: demonstrates JWT signature bypass, algorithm manipulation, and security implications.
    • ECB mode vulnerability demo: pattern leakage, visual block detection, and security implications.
    • Nonce reuse attack for AEAD ciphers: catastrophic impact, XOR demonstration, and best practices.
    • Brute force attack: dictionary attack on weak PBKDF, security comparison, and best practices.
    • Timing attack: ETA calculation, accuracy stats, and improved progress visualization.
  • Benchmark Enhancements
    • Memory usage tracking, platform info (OS, arch, CPU), cross-platform comparison, and memory efficiency tips.
  • Display & CLI
    • Centered ASCII art and welcome messages, improved formatting, and color standardization.
    • Enhanced step visualization: section headers, arrows, indicators, diagrams, and labels.

🛠️ Enhancements & Refactors

  • Key Management
    • All key file paths now use a dedicated keys directory for better organization.
    • Automatic creation of keys directory if missing across all processors and tests.
  • Code Structure
    • Attack processors refactored for modularity and SOLID principles.
    • Consistent configuration handling, reusable methods, and clear separation of concerns.
    • Standardized attack demonstration flow and progress tracking.
  • Test Coverage
    • 91%+ coverage for config package with robust error handling.
    • Comprehensive test suites for ChaCha20-Poly1305 and ECB attack processors.

🐛 Fixes

  • Handled unchecked error returns in nonce reuse and ChaCha20-Poly1305 tests.
  • Improved error handling and validation throughout attacks and crypto modules.
  • Fixed step reordering and formatting issues in display/visualizer.

📚 Documentation

  • New & Enhanced Docs:
    • JWT None Algorithm Attack: comprehensive vulnerability explanation, attack process, prevention methods, and real-world examples.
    • AES, Base64, Caesar, ChaCha20-Poly1305, DH, HMAC, JWT, PBKDF, RSA, SHA-256, X25519.
    • README: CLI interface image, attack simulations, usage, features, and best practices.
    • Detailed CLI usage, encryption examples, key/nonce/tag explanations, and troubleshooting.

🧪 Tests

  • JWT None Algorithm Attack: comprehensive test suite covering token creation, attack simulation, error handling, and integration testing.
  • ChaCha20-Poly1305: encryption/decryption, edge cases, tampering, AAD, invalid config, and more.
  • ECB attack: config, input scenarios, base64, pattern detection, and padding.
  • Config: all getters, defaults, error scenarios, file ops, and edge cases.

💡 Upgrade Notes

  • All key files are now stored in the keys directory. Ensure this directory exists or is writable.
  • Attack simulations are accessible from the new menu section (now includes JWT None Algorithm Attack).
  • Review updated documentation for new features and best practices.
  • JWT None Algorithm Attack demonstrates critical JWT vulnerabilities and prevention methods.

🙏 Thanks for using CryptoLens! Your feedback and contributions are welcome.