Go choke on a bucket of cocks
Sep. 4th, 2006 06:41 am
I've posted before about the generally dreadful nature of cryptographic products. Yesterday I got into an argument on bloody Slashdot with a developer about whether he should try to use good crypto or not. Now, unlike jwz I can see that he's not the only one with attitude in this thread, but the result still gets me down.
http://slashdot.org/comments.pl?sid=195651&cid=16032881
Next time you use something that uses crypto, bear in mind that it was probably written by the likes of this guy.
no subject
Date: 2006-09-04 05:56 am (UTC)
defensive shields up!
no subject
Date: 2006-09-04 08:52 am (UTC)
In a sad way.
no subject
Date: 2006-09-04 09:14 am (UTC)
There is a certain amount of that sort of attitude among embedded system programmers I have known - very much a "I have to code in less space and fewer cycles than you, therefore don't try to question how I do things".
There's very much an "it's not possible to do X in an embedded system" attitude floating around, which usually turns out to be false. I had the same argument about writing object-oriented code for embedded systems. Everyone said "you can't do that. It doesn't work in embedded systems. It'll be too slow". Turns out the answer is... "Not if you do it right".
no subject
Date: 2006-09-04 09:48 am (UTC)
no subject
Date: 2006-09-04 11:23 am (UTC)
no subject
Date: 2006-09-04 11:33 am (UTC)
Mistake #2: Replying to them.
and of course
Mistake #0: Reading Slashdot.
no subject
Date: 2006-09-05 09:36 am (UTC)
no subject
Date: 2006-09-04 01:40 pm (UTC)
Perhaps I am missing something, but is there a need for unpredictable IVs? They should be unique, but wouldn't a counter be adequate, assuming you had sufficient locking to ensure no repetition?
On single-pass encryption and authentication, I was recently reading about IGE mode, implemented in OpenSSL. It only needs an extra XOR over CBC, so it looks pretty good.
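The IV question in the comment above is never answered in the thread, so here is an added illustration (not code from the post or its author) of why a CBC IV must be unpredictable, not merely unique, whereas a plain counter is fine as the nonce of counter-based modes such as CTR and GCM. The block cipher is a toy Feistel construction standing in for AES, and the key and plaintext values are constructed for the demonstration.

```python
import hashlib
import hmac
import os

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    """Toy 16-byte block cipher: 4-round Feistel with HMAC-SHA256 as the round
    function. Assumption: it stands in for AES; only the MODE matters here."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """CBC encryption; plaintext length must be a multiple of 16 bytes."""
    prev, out = iv, b""
    for i in range(0, len(plaintext), 16):
        prev = toy_encrypt_block(key, xor(plaintext[i:i + 16], prev))
        out += prev
    return out

def counter_ivs():
    """Unique but predictable IVs: a plain counter, as the comment proposes."""
    n = 0
    while True:
        yield n.to_bytes(16, "big")
        n += 1

def random_ivs():
    """Unique (with overwhelming probability) and unpredictable IVs."""
    while True:
        yield os.urandom(16)

def predict_next_counter(prev_iv):
    """What an observer who saw the previous IV expects the next one to be."""
    return (int.from_bytes(prev_iv, "big") + 1).to_bytes(16, "big")

def iv_leak_check(key, ivs, secret_block, guess):
    """True when one chosen-plaintext query confirms guess == secret_block.
    The observer sees c_a, commits to a probe built from its IV prediction,
    then sees c_b. If the IV was predictable, c_b == c_a exactly when the guess
    is right (CBC's first block becomes E(guess ^ iv_a) vs E(secret ^ iv_a)).
    If the IV was random, the prediction misses and nothing is learned."""
    iv_a = next(ivs)
    c_a = cbc_encrypt(key, iv_a, secret_block)
    probe = xor(xor(guess, iv_a), predict_next_counter(iv_a))
    c_b = cbc_encrypt(key, next(ivs), probe)
    return c_b == c_a
```

The check is the kind of unit test a reviewer can run against an implementation's IV policy: a counter-IV CBC fails it, a random-IV CBC passes. If a counter is what the system can actually keep unique, encrypting that counter under the key (or a separate key) before using it as the IV restores unpredictability.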
no subject
Date: 2006-09-04 01:57 pm (UTC)
IGE mode has been proposed several times with different names over the years; I proposed it about nine years ago and called it SBC, then discovered that Michael Brown at Dublin University had proposed it about eighteen months earlier and called it X-CBC. ABC seems to be an interesting extension. However, many similar attempts to build one-pass authenticated-encryption modes of operation have been broken, and as a result these days people tend to demand a proof of security. All the modes I'm advocating, as well as other patent-encumbered modes such as OCB, come with such a proof. I think it would be foolhardy to opt for a mode that does not have such a proof. The extra cost of GGM over CBC is pretty small - a single multiply in GF(2^128). And unlike CBC, GGM is parallelizable.
no subject
Date: 2006-09-04 02:09 pm (UTC)
http://www-cse.ucsd.edu/users/mihir/papers/olc.html
Oh no they aren't!
Date: 2006-09-06 10:45 am (UTC)
Re: Oh no they aren't!
Date: 2006-09-06 09:41 pm (UTC)
Incidentally, I don't usually unscreen anonymous comments; please at least sign with a nom. Thanks!
no subject
Date: 2006-09-04 11:29 pm (UTC)