2024¶

Handshake in TLS 1.3

This blog writes the takeaway notes of the TLS 1.3 handshake. To understand it, several basic crypto algorithms are required, such as SHA(security hash algorithm), DHE(Diffie-Hellman Exchange), KDF(key derivation function), DSA(digital signature algorithm) and AES. Moreover, understanding the PKI(public key infrastructure) is needed as well.

In this blog, the fundamental math formulas are not the focused parts. Instead, we focus on the whole workflow. The full details are stipulated by the rfc8446.

Company IPS Plays MITM for the openai.com

Recently, one of my friends told my company alerts you when you open the openai to suggest you use the company's internal gpt tool. However, the browser still treats this connection as secure because it satisfies the HTTPs requirement.

This is indeed the man-in-the-middle attack, which hijacks your connections as the middle man and then establish another connection to communicate. The root cause is that in your company device, the certificates of company's ISP are forcibly trusted. As a result, technically they could monitor and modify your requests when necessary.

Go Cgo: stdlib.h Not Found after Upgrading

After upgrading macOs, my go breaks as it cannot find the stdlib.h:

BUILD| runtime/cgo
     | _cgo_export.c:3:10: fatal error: 'stdlib.h' file not found

Tor: the 2^nd Generation Onion Router Paper Notes

This blog notes brief ideas about Tor onion router design based on the paper of Tor: the 2^nd Generation Onion Router. This blog will introduce what is tor, and how it's designed to work.

Errcheck Linter Implementation

Recently, I'm going to develop a static tool to analyze our self-defined framework syntax inside our company. Hence, I investigated a lot around the open source linters to find some ideas. This blogs talks about the implementation of errcheck. It's based on AST and relies on the node types to handle the different cases.