Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/woodruffw/baseperm

A small tool for generating valid permutations of strings in baseN alphabets.
https://github.com/woodruffw/baseperm

base32 base64 permutation rust

Last synced: 2 days ago
JSON representation

A small tool for generating valid permutations of strings in baseN alphabets.

Host: GitHub
URL: https://github.com/woodruffw/baseperm
Owner: woodruffw
License: other
Created: 2020-01-28T01:50:35.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-03-05T22:04:34.000Z (over 1 year ago)
Last Synced: 2024-01-06T18:03:32.387Z (9 months ago)
Topics: base32, base64, permutation, rust
Language: Rust
Homepage: https://crates.io/crates/baseperm
Size: 85.9 KB
Stars: 3
Watchers: 3
Forks: 0
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

baseperm
========

![license](https://raster.shields.io/badge/license-MIT%20with%20restrictions-green.png)
[![CI](https://github.com/woodruffw/baseperm/actions/workflows/ci.yml/badge.svg)](https://github.com/woodruffw/baseperm/actions/workflows/ci.yml)

A small tool for generating valid permutations of strings in base*N* alphabets.

## Theory of Operation

Many popular binary-to-printable serialization/encoding schemes use
alphabets whose bitnesses do not allow 8-bit bytes to fit evenly inside a symbol
(or multiple symbols):

* [base32](https://en.wikipedia.org/wiki/Base32): 5 bits
* [base64](https://en.wikipedia.org/wiki/Base64): 6 bits
* [base58](https://en.wikipedia.org/wiki/Base58): \~5.86 bits

Consequently, these encodings employ padding schemes to round their outputs to 8-bit multiples.

`baseperm` manipulates the padding bits in these encodings to produce distinct, valid encoded
forms that decode to the same input.

## Why?

Programmers frequently make the mistake of assuming that encoded representations have a 1-1
correspondence with their inputs. This results in all kinds of interesting, potentially exploitable
errors:

* Ratelimiting bypasses due to keying on the serialized form

* Dedeuplication and reuse bypasses

* Forced dictionary collisions

## Installation

`baseperm` is a single command-line program. You can install it using `cargo`:

```bash
cargo install baseperm
```

Or by building it locally:

```bash
git clone https://github.com/woodruffw/baseperm && cd baseperm
cargo build
```

## Usage

`baseperm` takes a permutation candidate on `stdin` and writes all permuted equivalent forms
to `stdout`, separated by newlines. The original input is also included in the output, and (RFC4648)
base64 is the default.

```bash
echo "hello!" | base64 | baseperm
```

Alternative encodings can be specified with `-e`, `--encoding`:

```bash
echo "hello!" | base32 | baseperm -e base32
```

See `baseperm -h` for a full list of supported encodings.