BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Good and Bad Crypto
- Subject: [Discuss] Good and Bad Crypto
- From: gaf at blu.org (Jerry Feldman)
- Date: Wed, 23 Apr 2014 15:05:27 -0400
- In-reply-to: <057204d2a102406cbbcb2f5d1c77783b@CO2PR04MB684.namprd04.prod.outlook.com>
- References: <14b5446b65314ece8402914040d7efb6@CO2PR04MB684.namprd04.prod.outlook.com> <5355DA7B.4070600@gmail.com> <f134eeeef944486ca75cd35da6f930e7@CO2PR04MB684.namprd04.prod.outlook.com> <5357BF11.2050702@blu.org> <057204d2a102406cbbcb2f5d1c77783b@CO2PR04MB684.namprd04.prod.outlook.com>
On 04/23/2014 10:37 AM, Edward Ned Harvey (blu) wrote: >> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss- >> bounces+blu=nedharvey.com at blu.org] On Behalf Of Jerry Feldman >> >> that nearly any primate could break it. We could have used DES because >> we did use DES for part of the project. But, anyone who knows what they >> are doing certainly would use a standard library implementation. > Even DES isn't secure these days. 56 bit key, even if DES had no weaknesses, would be crackable by brute force with a laptop in a reasonable amount of time (hours? days? weeks?). But DES also has some weaknesses that make its cryptographic strength closer to 37 bits. If you know how to attack DES intelligently, this is extremely doable. > > 3DES is literally just 3 rounds of DES, with 3 different keys, bringing the total key material up to 168 bits and cryptographic strength around 112. Which is generally still considered to be strong enough for nearly all purposes. > > How many years ago did you see the lower life form rolling his/her own crypto like an idiot? I will actually be shocked if it's anytime within the last decade. Unless it was just an archaic system put in place over a decade ago and still in operation today. > > That was a while ago, I hope he joined the human race :-) But, it was at a time when DES 56-bit was available and we could copy the source code. But even the code used for that product had some really stupid things. For instance they had a large struct. They computed the size of the array by taking the address of an int following the array and the start of the array. (I guess they never heard of the sizeof operator. That worked well on the current compiler, but if they used a newer compiler it crashed because the new compiler moved things around. so: struct foo; int bar; The int bar did not immediately follow foo. Compilers are free to move variables anywhere unless they are grouped. I think some of that code was written by interns who were just learning about C. -- Jerry Feldman <gaf at blu.org> Boston Linux and Unix PGP key id:3BC1EB90 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
- References:
- [Discuss] Good and Bad Crypto
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Good and Bad Crypto
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] Good and Bad Crypto
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Good and Bad Crypto
- From: gaf at blu.org (Jerry Feldman)
- [Discuss] Good and Bad Crypto
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Good and Bad Crypto
- Prev by Date: [Discuss] Good and Bad Crypto
- Next by Date: [Discuss] Good and Bad Crypto
- Previous by thread: [Discuss] Good and Bad Crypto
- Next by thread: [Discuss] Good and Bad Crypto
- Index(es):
