[Cryptography] But it's encrypted so it must be OK

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Oct 27 01:28:24 EDT 2023


So I get email asking why it's not possible to decrypt some EDI financial
messages (it was a problem with the RSA key transport section, not the later
symmetric crypto part).  They send me one of the messages and dumpasn1
reveals:

 518    8:           OBJECT IDENTIFIER rc2CBC (1 2 840 113549 3 2)
 528   14:           SEQUENCE {
 530    2:             INTEGER 160
 534    8:             OCTET STRING CE B2 A4 28 1E 29 7A 70
         :             }
         :           }

For those who can't read AlgorithmIdentifiers, that's 40-bit RC2, circa 1987.
Being used today, in financial EDI.

I suggested they just ignore the RSA part and brute-force the 40-bit key on
each message.

Peter.
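
The AlgorithmIdentifier reading used in the post above, as an added example that is not part of the original message: it decodes an rc2CBC AlgorithmIdentifier and maps rc2ParameterVersion to effective key bits per RFC 2268, so weak RC2 can be flagged when auditing messages. The function names, the three-entry version table and the reconstructed outer SEQUENCE header are assumptions of this example.

```python
RC2_CBC_OID = "1.2.840.113549.3.2"
# rc2ParameterVersion -> effective key bits: the commonly seen entries of the
# RFC 2268 table. Versions >= 256 are the bit count itself.
RC2_VERSION_TO_BITS = {160: 40, 120: 64, 58: 128}
# Rebuilt from the dumpasn1 lines in the post; the outer SEQUENCE header
# (30 1a) is constructed for this example, the rest is as dumped.
SAMPLE = bytes.fromhex(
    "301a" "06082a864886f70d0302" "300e" "020200a0" "0408ceb2a4281e297a70")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode OID content bytes to dotted form (single-byte first octet)."""
    x = min(value[0] // 40, 2)
    arcs, acc = [x, value[0] - 40 * x], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def rc2_effective_bits(alg_id):
    """Effective RC2 key bits for a DER AlgorithmIdentifier, None if not rc2CBC."""
    tag, body, _ = read_tlv(alg_id, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or decode_oid(oid) != RC2_CBC_OID:
        return None
    tag, params, _ = read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE { version, iv } parameters")
    tag, version, _ = read_tlv(params, 0)
    v = int.from_bytes(version, "big", signed=True)
    if v >= 256:
        return v
    if tag != 0x02 or v not in RC2_VERSION_TO_BITS:
        raise ValueError("unmapped rc2ParameterVersion %d" % v)
    return RC2_VERSION_TO_BITS[v]

if __name__ == "__main__":
    print("effective RC2 key bits:", rc2_effective_bits(SAMPLE))
```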


