Looking for a Triple DES implementation

Robert L Krawitz rlk-FrUbXkNCsVf2fBVCVOL8/A at public.gmane.org
Thu Jun 14 20:45:13 EDT 2007


   From: Derek Atkins <warlord-DPNOqEs/LNQ at public.gmane.org>
   Date: Thu, 14 Jun 2007 17:51:59 -0400

   >> And this code proves to me that this guy should be fired on the spot,
   >> or at least be removed from doing anything related to security.  It's
   >> guys like this that write security snake-oil.
   >>
   >> * throws up his hands in complete disgust *
   >
   > I found out this morning that he basically found some code on a website
   > somewhere and pasted it into his code.  He didn't really understand the
   > code himself.  I won't go so far as to say that it's a fireable offense (I
   > prefer Double Secret Probation, AKA code reviews).  I copied code to get
   > the PHP side working, but I copied it from the PHP website, and I looked
   > at the documentation for each of the functions so I knew what the code
   > did.

The point is that code reviews by other people who can read code but
who don't understand the problem domain *in detail* aren't helpful.
Knowing what the code does isn't useful if you don't understand what
the entire system has to do.

   Not understanding security code is a BIG no-no, and IMNSHO should be
   a firable offense.  If you don't understand, you should ask someone
   or find someone who does.   Granted, I've been in the software security
   industry since before such an industry existed (I've been in Security
   since 1990), so I'm perhaps a little biased.  I've been paid upwards of
   $400/hr to fix these kinds of problems after companies have lost real
   money due to poor use of cryptography.

Security is one of those things that cannot be done in isolation --
there has to be a full end-to-end architecture, high level and
detailed design, and careful implementation for everything that's part
of the security chain.  The security chain must be flawless with
respect to the requirements.  The reason is that any flaw is a potential
attack vector -- remember that security code is intended to be proof
against outright hostile attacks -- and any attack against the
security potentially compromises the entire security chain.  Derek's
right.

It's one of those specialties that really demands an expert who
understands security in the entire depth.  A strong encryption
algorithm used improperly may be hardly better than nothing at all;
ECB when you need to encrypt more data than the length of a code
symbol is basically a glorified ROT13 (a simple substitution cypher).
I say this as one who is an experienced software engineer, but not a
security expert -- I would certainly not trust myself with security
code.

Think of it as having to transport 10 lb of hydrofluoric acid.  Would
you put it in a secure shatterproof glass jar (glass is very resistant
to most chemical attacks, much more so than metal or plastic), mount
it in a sturdy shock absorbing frame and put it in your car, or would
you look it up on wikipedia, or would you find a real expert in this
to do it for you?

-- 
Robert Krawitz                                     <rlk-FrUbXkNCsVf2fBVCVOL8/A at public.gmane.org>

Tall Clubs International  --  http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf-BtI67efEdsDk1uMJSBkQmQ at public.gmane.org
Project lead for Gutenprint   --    http://gimp-print.sourceforge.net

"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton
