[Cryptography] Which big-name ciphers have been broken in living memory?

ianG iang at iang.org
Sat Aug 16 09:16:06 EDT 2014


On 16/08/2014 02:52 am, james hughes wrote:
> On 15 Aug 2014 11:37 +0100, from iang at iang.org (ianG):
>> Thanks for the update!  I'm still waiting for someone to report on which big-name algorithm got broken in living memory.
> 
> 
> My definition of "big-name algorithm got broken" is: algorithms that were broadly deployed and deprecated because they no longer provide the expected security. On "the web" in my living memory...
> 
> 56 bit DES
> 512 bit RSA
> RC4
> MD5
> SHA1


Yes, these are all deprecated.  Once deprecated, they live in the halls
of fame as algorithms that served their purpose but are now marked as
not to be used.

This is engineering, right?  Once the end of life is reached, we
shouldn't be using them.  Right?


> and my favorite, any non-PFS protocol.


(That would be a protocol, or a requirement thereof, not an algorithm.
Although there is a sense that things like CAESAR/AE algorithms are
moving up the stack, and the new black boxes are doing more, we aren't
anywhere close to slotting in black boxes for protocols as yet.)


> BTW, all are still being used.


Yes, separate problem.  The people that love this algorithm agility idea
love to *add* algorithms but have no process to take them away.

Just because there are some famous names out there still relying on
EOL/deprecated algorithms, doesn't change the basic situation.


>> you're probably better off focussing on the known roadkill not the zombies in hollywood movies.
> 
> 
> Nice!!! “Zombie algorithms”? I think you have coined a great new term for these “undead algorithms”! 


lol...  OK, point.  So what is it about the zombie algorithms?  Why do
they keep popping up?

Do we need NIST or IETF to put the dragonglass blade into them?  An RFC
that lists deprecated algorithms, updated on a yearly basis?

(That's a serious question, btw.  As far as I know, they don't have an
answer to the overall question...)


> Yes, designing (or modifying) cryptographic algorithms should be accomplished by those skilled in that art (of which I am not one). Taking an algorithm and doing random stuff to it claiming to "strengthen it", in many cases, has the opposite effect. For instance, randomizing the s-boxes in DES or changing the constants in AES. Sometimes simple things like lengthening the key, increasing the rounds, etc. can make an algorithm weaker.
> 
> Yes, buffer overflows and RND snafus are the gift that keeps on giving for many reasons… I also agree that the majority of "you" (me included) should focus on roadkill.


;-)  The point we should be making is that the one thing we can trust is
the strength of the big-name algorithms.  They've never failed us,
within their design parameters (including EOL).

Everything else has failed us.  But not the basic algorithms.

iang
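The thread's complaint is that algorithm agility adds algorithms but has no process for taking them away. The following is an added example, not code from the thread or its participants: it audits an OpenSSL-style TLS cipher-suite list against exactly the deprecation list given above (56-bit DES, RC4, MD5, SHA-1, non-PFS key exchange, plus a separate check for a 512-bit RSA modulus) and returns the pruned list, which is the "take them away" step. The suite names are constructed sample configuration, and the OpenSSL naming conventions relied on (a trailing "-SHA" meaning HMAC-SHA1, "DES-CBC-" meaning single DES, "ECDHE-"/"DHE-"/"TLS_" prefixes meaning an ephemeral key exchange) are the example's own assumptions.

```python
"""Audit a cipher-suite configuration against the deprecation list from the
thread and prune it. Added example; suite names below are constructed."""

import re
from typing import Dict, List, Tuple

# One regex per item on the thread's list, matched against OpenSSL-style
# suite names. OpenSSL names the HMAC by its hash at the end of the suite:
# "-SHA" is HMAC-SHA1, "-MD5" is HMAC-MD5. "DES-CBC-" is single (56-bit)
# DES; "DES-CBC3-" is 3DES, which the thread does not list, so it is
# deliberately not matched here.
DEPRECATED_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "56-bit DES": re.compile(r"(^|-)DES-CBC-"),
    "RC4": re.compile(r"(^|-)RC4-"),
    "MD5": re.compile(r"-MD5$"),
    "SHA-1": re.compile(r"-SHA$"),
}

# Prefixes whose key exchange is ephemeral (forward secret). TLS 1.3 suites
# (the "TLS_..." names) always use an ephemeral (EC)DHE exchange.
PFS_PREFIXES = ("ECDHE-", "DHE-", "TLS_")


def audit_suite(name: str) -> List[str]:
    """Return the deprecation findings for one suite name; an empty list
    means the suite passes this audit."""
    findings = [label for label, pat in DEPRECATED_PATTERNS.items()
                if pat.search(name)]
    if not name.startswith(PFS_PREFIXES):
        findings.append("non-PFS key exchange")
    return findings


def audit_rsa_modulus(bits: int) -> List[str]:
    """512-bit RSA is on the thread's list; flag any modulus at or below it."""
    return ["512-bit (or smaller) RSA modulus"] if bits <= 512 else []


def prune(suites: List[str]) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split a configured suite list into the suites to keep and a map of
    removed suite -> reasons. This is the removal process the thread says
    algorithm agility usually lacks."""
    kept: List[str] = []
    removed: Dict[str, List[str]] = {}
    for suite in suites:
        findings = audit_suite(suite)
        if findings:
            removed[suite] = findings
        else:
            kept.append(suite)
    return kept, removed


# Constructed sample configuration mixing modern and end-of-life suites.
SAMPLE_CONFIG = [
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_AES_128_GCM_SHA256",
    "DHE-RSA-AES128-SHA",        # PFS, but HMAC-SHA1
    "AES256-SHA",                # static RSA key exchange, HMAC-SHA1
    "RC4-MD5",                   # RC4, MD5, static RSA key exchange
    "DES-CBC-SHA",               # 56-bit DES, HMAC-SHA1, static RSA
    "ECDHE-RSA-DES-CBC3-SHA",    # 3DES (not on the list), HMAC-SHA1
]

if __name__ == "__main__":
    kept, removed = prune(SAMPLE_CONFIG)
    print("keep:")
    for suite in kept:
        print("  " + suite)
    print("remove:")
    for suite, reasons in removed.items():
        print("  %s: %s" % (suite, ", ".join(reasons)))
    print("rsa 512:", audit_rsa_modulus(512))
    print("rsa 2048:", audit_rsa_modulus(2048))
```

Two caveats on reading the output: a trailing "-SHA" flags HMAC-SHA1, which the thread's list covers but which is not broken by the collision attacks on SHA-1 itself, so a site may reasonably treat that finding as lower priority than RC4 or single DES; and 3DES suites are left alone only because the thread does not list them, not because they are recommended.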

