Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Good and Bad Crypto

On 04/23/2014 10:37 AM, Edward Ned Harvey (blu) wrote:
>> From: at [mailto:discuss-
>> at] On Behalf Of Jerry Feldman
>> that nearly any primate could break it.  We could have used DES because
>> we did use DES for part of the project. But, anyone who knows what they
>> are doing certainly would use a standard library implementation.
> Even DES isn't secure these days.  56 bit key, even if DES had no weaknesses, would be crackable by brute force with a laptop in a reasonable amount of time (hours? days? weeks?).  But DES also has some weaknesses that make its cryptographic strength closer to 37 bits.  If you know how to attack DES intelligently, this is extremely doable.
> 3DES is literally just 3 rounds of DES, with 3 different keys, bringing the total key material up to 168 bits and cryptographic strength around 112.  Which is generally still considered to be strong enough for nearly all purposes.
> How many years ago did you see the lower life form rolling his/her own crypto like an idiot?  I will actually be shocked if it's anytime within the last decade.  Unless it was just an archaic system put in place over a decade ago and still in operation today.
That was a while ago, I hope he joined the human race :-)
But, it was at a time when DES 56-bit was available and we could copy
the source code.

But even the code used for that product had some really stupid things.
For instance they had a large struct. They computed the size of the
array by taking the address of an int following the array and the start
of the array. (I guess they never heard of the sizeof operator. That
worked well on the current compiler, but if they used a newer compiler
it crashed because the new compiler moved things around. so:
struct foo;
int bar;
The int bar did not immediately follow foo. Compilers are free to move
variables anywhere unless they are grouped. I think some of that code
was written by interns who were just learning about C.

Jerry Feldman <gaf at>
Boston Linux and Unix
PGP key id:3BC1EB90 
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /