Cryptanalysis: a stunning display of bad security design
Triple DES, commonly referred to as 3DES, is a perfectly acceptable and well understood stream cipher. It was one of the algorithms I studied when I took a cryptography course last year.
During that course, Prof. Boneh hammered into us that as cryptology amateurs, we should never design our own cryptographic solutions, even when using well understood primitives such as 3DES, or AES, or SHA256. Mistakes in design can permit an attacker to obtain partial plaintext, partial keys, or critical information permitting them to derive partial plaintext or keys.
You may have heard the news that Adobe disclosed a loss of 3 million encrypted passwords. You may also have heard that they underreported the loss by a factor of 20 -- that the password database that was published online actually lists 150 million userids, Email addresses, password hints and encrypted passwords. You might also have received an Email from Adobe in October about the disclosure, as I did.
The 3DES cipher is excellent, for its intended purpose. Its choice for static information, or data at rest, was excoriable. Its implementation in Adobe's database was nothing short of excrement.
This morning, there was an article on Bruce Schneier's blog that pointed to a fascinating cryptanalysis by Paul Ducklin, who contributes to the Naked Security column at Sophos. His column, "Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder", is intended for the lay reader, and is clear, understandable, and compelling. You do not need to have a background in cryptography to understand it.
Everyone who uses the Internet should read it.
Don't read it just to enjoy Adobe's ineptitude, which is devastatingly, mind bogglingly fun to read about and understand.
Read it because there will be future ill-conceived solutions, and these could be solutions we devise ourselves.
Read it because we all need to understand that we never know how well protected any information is, in the event it is disclosed. Whether that information is in the trust of others, or our own.
And, read it because we should all be cognizant of just how easy cryptanalysis is when the same key is reused for the same information.