Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/mhumm/delphiencryptioncompendium
DEC is a library for Embarcadero Delphi, containing different cryptographic algorithms. It contains algorithms for these categories:
The current version 6.4.1 is compatible with Delphi 2009 - Delphi 11.0 Alexandria. When defining the NO_ASM define in DECOptions.inc it is compatible with all platforms supported by Delphi! It might be compatible with FPC, but this has not been focus and is not tested. The development branch contains a more FPC compatible version already.
If you need support for older Delphi versions use version 5.2, which is compatible with Delphi 7-2007 at least but lacks some hash implementations, HMAC and KDF improvements. While V5.2 can be made compatible with newer Delphi versions with small modifications we strongly recommend to better adapt your code to use the current version of DEC, given all these improvements made since then. A list of changes is available in the docs folder.
V6.0 was released shortly before Christmas 2020. Since then work continued by some users supplying code, reporting bugs (regressions) along with fixes and by adding SHA2-224 which was still missing. Details about the changes and additions in V6.4.1 can be found in the VersionHistory.pdf file in the docs subfolder of the development branch.
In comparison to 5.2 we added some console, VCL and FMX based demo applications. The FMX based demos are even available via Google play as "DEC cipher demo" and "DEC hash demo".
In the root folder of DEC V6.4.1 you will find further files with information about this project like NOTICE.txt, CONTRIBUTING.md, SECURITY.md. Also take the time to read DEC64.pdf in the Docs folder and look at the demos provided in the Demos subfolder.
DEC 5.2 came with some "arcane" test program testing the algoithms implemented using test data supplied via some text file. For many algorithms this test data stems from official documentation of the algorithms itsself. DEC 5.2 passes these tests.
DEC 6.0 reworked these tests into DUnit and DUnitX tests. We also added some more tests and with this replaced the "arcane" test program which used hard to understand code. A few of the implemented unit tests may still fail, but this is simply because they are empty sceletons at this point in time waiting to be filled in. We first need to work out how to implement these tests and maybe look for test data. Why don't you help out by researching useful test data for those few tests? We're talking at block chaining mode tests for the ciphers specifically.
In DEC 6.2 the unit tests for the hash classes were looked at and where not already used original test data vectors (as far as we could find them - for most we could) have been added to improve test coverage. V6.3 added further synthesized tests for some hash classes. For SHA3 and for the GCM block chaining method the original test vectors provided by NIST are used for the unit tests.
Modes ending on x have been invented by the original developer of DEC
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.