13th November 2013
jggimi
Cryptanalysis: a stunning display of bad security design

Some background

Triple DES, commonly referred to as 3DES, is a perfectly acceptable and well understood stream cipher. It was one of the algorithms I studied when I took a cryptography course last year.

During that course, Prof. Boneh hammered into us that as cryptology amateurs, we should never design our own cryptographic solutions, even when using well understood primitives such as 3DES, or AES, or SHA256. Mistakes in design can permit an attacker to obtain partial plaintext, partial keys, or critical information permitting them to derive partial plaintext or keys.


The news

You may have heard the news that Adobe disclosed a loss of 3 million encrypted passwords. You may also have heard that they underreported the loss by a factor of 20 -- that the password database that was published online actually lists 150 million userids, Email addresses, password hints and encrypted passwords. You might also have received an Email from Adobe in October about the disclosure, as I did.

The 3DES cipher is excellent, for its intended purpose. Its choice for static information, or data at rest, was excoriable. Its implementation in Adobe's database was nothing short of excrement.

This morning, there was an article on Bruce Schneier's blog, that pointed to a fascinating cryptanalysis by Paul Ducklin, who contributes to the Naked Security column at Sophos. His column, Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder, is intended for the lay reader, and is clear, understandable, and compelling. You do not need to have a background in cryptography to understand it.

Everyone who uses the Internet should read it.

Don't read it just to enjoy Adobe's ineptitude, which is devastatingly, mind bogglingly fun to read about and understand.

Read it because there will be future ill-conceived solutions, and these could be solutions we devise ourselves.

Read it because we all need to understand that we never know how well protected any information is, in the event it is disclosed. Whether that information is in the trust of others, or our own.

And, read it because we should all be cognizant of just how easy cryptanalysis is when the same key is reused for the same information.
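The post's closing point, that one key reused over identical inputs leaks structure, can be checked on a credential table; this is an added example, not part of the original post or of the article it links to. The rows, key and function names are constructed for illustration, and HMAC-SHA256 stands in for unsalted single-key encryption because the Python standard library has no 3DES.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample rows (user, password, hint); not data from any breach.
ROWS = [
    ("alice", "123456", "one to six"),
    ("bob", "123456", "numbers"),
    ("carol", "hunter2", "irc joke"),
    ("dave", "123456", "1-6"),
    ("erin", "correct horse", "xkcd"),
]
SITE_KEY = b"constructed-demo-key"  # one key shared by every row (assumption)

def deterministic_store(password):
    """Stand-in for unsalted encryption under one fixed key:
    the same password always yields the same stored bytes."""
    return hmac.new(SITE_KEY, password.encode(), hashlib.sha256).digest()

def salted_store(password):
    """Per-record random salt plus a slow hash; stored as salt || derived key."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_salted(password, stored):
    """Recompute with the record's own salt and compare in constant time."""
    salt, expected = stored[:16], stored[16:]
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(actual, expected)

def shared_value_groups(rows, store):
    """Audit: list groups of users whose stored value is byte-identical.
    Any non-empty result means equal passwords are visible without the key,
    and every hint in a group describes the same secret."""
    groups = defaultdict(list)
    for user, password, hint in rows:
        groups[store(password)].append((user, hint))
    return [members for members in groups.values() if len(members) > 1]

def audit():
    return {
        "deterministic": shared_value_groups(ROWS, deterministic_store),
        "salted": shared_value_groups(ROWS, salted_store),
    }

if __name__ == "__main__":
    for scheme, found in audit().items():
        print(scheme, found)
```
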