[Cryptography] Which big-name ciphers have been broken in living memory?

james hughes hughejp at mac.com
Fri Aug 15 21:52:25 EDT 2014


On 15 Aug 2014 11:37 +0100, from iang at iang.org (ianG):
> Thanks for the update!  I'm still waiting for someone to report on which big-name algorithm got broken in living memory.


My definition of "big-name algorithm got broken" is: algorithms that were broadly deployed and then deprecated because they no longer provide the security that was expected of them. On "the web", in my living memory...

56 bit DES
512 bit RSA
RC4
MD5
SHA1
and my favorite, any non-PFS protocol.

BTW, all are still being used.

> you're probably better off focussing on the known roadkill not the zombies in hollywood movies.


Nice!!! “Zombie algorithms”? I think you have coined a great new term for these “undead algorithms”! 

Yes, designing (or modifying) cryptographic algorithms should be done by those skilled in that art (of which I am not one). Taking an algorithm and doing random stuff to it while claiming to "strengthen it" has, in many cases, the opposite effect. For instance, randomizing the S-boxes in DES or changing the constants in AES. Sometimes simple things like lengthening the key, increasing the rounds, etc. can make an algorithm weaker.

Yes, buffer overflows and RNG snafus are the gift that keeps on giving, for many reasons… I also agree that the majority of "you" (me included) should focus on roadkill.
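The list in this message is, in practice, a checklist for TLS configuration review, and the "all are still being used" remark is the reason to automate it. The following is an added example by the editor, not code from the original post or from anyone in the thread. It scans cipher suite names in OpenSSL's naming convention (as `openssl ciphers -v` or a server's cipher string would list them) for the items above: RC4, single DES, MD5, SHA1 and static-RSA (non-PFS) key exchange, and separately flags small RSA certificate keys. The sample suite list and the 512-bit key are constructed inputs; the 1024-bit floor in `rsa_key_findings` is this example's own assumption, chosen so that 512-bit keys fall well under it.

```python
import re

# Constructed sample input (not from the original post): cipher suite names in
# OpenSSL's naming, plus the bit length of an RSA certificate key.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",       # TLS 1.3: ephemeral key exchange, AEAD
    "ECDHE-RSA-AES128-GCM-SHA256",  # clean TLS 1.2 suite
    "DHE-RSA-AES256-SHA",           # PFS, but HMAC-SHA1 MAC
    "AES128-SHA256",                # static RSA key exchange: no PFS
    "ECDHE-RSA-RC4-SHA",            # RC4
    "DES-CBC-SHA",                  # 56-bit single DES, static RSA
    "RC4-MD5",                      # RC4 + MD5, static RSA
]
SAMPLE_RSA_KEY_BITS = 512

# TLS 1.3 suite names ("TLS_...") always use ephemeral key exchange; in TLS 1.2
# naming only the ECDHE-/DHE-/EDH- prefixes are ephemeral. Anything else
# (bare "AES128-SHA", "RC4-MD5", static "ECDH-"/"DH-") has no forward secrecy.
PFS_PREFIXES = ("TLS_", "ECDHE-", "DHE-", "EDH-")


def zombie_findings(suite: str) -> list[str]:
    """Return the deprecated primitives a cipher suite still depends on."""
    findings = []
    if "RC4" in suite:
        findings.append("RC4")
    # "DES-CBC-" is single (56-bit) DES; "DES-CBC3-" is 3DES and is not matched.
    if re.search(r"(^|-)DES-CBC-", suite):
        findings.append("56-bit DES")
    if suite.endswith("-MD5"):
        findings.append("MD5")
    # OpenSSL's bare "-SHA" suffix means an HMAC-SHA1 MAC. HMAC-SHA1 is not
    # broken by SHA-1 collision attacks, but the post lists SHA1 as deprecated,
    # so it is flagged here as well.
    if suite.endswith("-SHA"):
        findings.append("SHA1")
    if not suite.startswith(PFS_PREFIXES):
        findings.append("non-PFS key exchange")
    return findings


def rsa_key_findings(bits: int, minimum: int = 1024) -> list[str]:
    """Flag RSA keys shorter than `minimum` bits.

    Assumption of this example: 1024 is the floor; the post's 512-bit RSA
    (and anything else below 1024) is reported.
    """
    return [f"{bits}-bit RSA"] if bits < minimum else []


def scan(suites, rsa_bits: int) -> dict[str, list[str]]:
    """Map every suite (and the certificate key) to its list of findings."""
    report = {s: zombie_findings(s) for s in suites}
    report["certificate"] = rsa_key_findings(rsa_bits)
    return report


if __name__ == "__main__":
    for item, findings in scan(SAMPLE_SUITES, SAMPLE_RSA_KEY_BITS).items():
        print(f"{item:32} {', '.join(findings) or 'ok'}")
```

To run it against a real server, replace `SAMPLE_SUITES` with the output of `openssl ciphers -v '<the server's cipher string>'` (first column) and `SAMPLE_RSA_KEY_BITS` with the key size from the certificate; a suite with an empty findings list is one the post would not count as a zombie.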
