Looking for a Triple DES implementation
David Kramer
david-8uUts6sDVDvs2Lz0fTdYFQ at public.gmane.org
Thu Jun 14 23:09:08 EDT 2007
Robert L Krawitz wrote:
> The point is that code reviews by other people who can read code but
> who don't understand the problem domain *in detail* aren't helpful.
> Knowing what the code does isn't useful if you don't understand what
> the entire system has to do.
You are preaching to the choir. I am a big Agile guy. That's not the
way things work in my current company, though, and that's not going to
change.
> Not understanding security code is a BIG no-no, and IMNSHO should be
> a firable offense. If you don't understand, you should ask someone
> or find someone who does. Granted, I've been in the software security
> industry since before such an industry existed (I've been in Security
> since 1990), so I'm perhaps a little biased. I've been paid upwards of
> $400/hr to fix these kinds of problems after companies have lost real
> money due to poor use of cryptography.
I am walking a fine line here because I would rather not talk ill of my
company or my co-worker. I am also in a different group than he is, but
I plan on bringing this up with the appropriate people. There are
several problems here that I hope to address; the code is just a small
part of it.
> It's one of those specialties that really demands an expert who
> understands security in the entire depth. A strong encryption
> algorithm used improperly may be hardly better than nothing at all;
> ECB when you need to encrypt more data than the length of a code
> symbol is basically a glorified ROT13 (a simple substitution cypher).
> I say this as one who is an experienced software engineer, but not a
> security expert -- I would certainly not trust myself with security
> code.
I've done some limited, low-risk crypto work. I've implemented
weak(ish) crypto in non-critical applications (eg: the crypto is more
like a way of generating a hash than keeping something secret), but even
then I outlined the flaws so anyone else reading the code knew them.
This talk of absolutes and black and white is reminiscent of the MySQL
discussion that is thankfully winding down.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Discuss
mailing list