Crypto can be used to do sleek, sexy things. Privatize information. Ensure data integrity. Dice onions. But it sucks, and here's why:
- Hackers use crypto to store their uber hush-hush topsy kretts... but spew all their information after 4 drinks at a Toorcon party.
- The three letter agencies don't care about your crypto, because they've owned your box and watched you type in the password.
- Cryptographers have been known to write insecure code. Nice strcpy into your key_buf[], homie.
- Developers have been known to think they're cryptographers:
    #define MY_KEY "lololol!"
    void encrypt(char *data, char *cipher, int len)
    {
        int i;
        /* nice. */
        for (i = 0; i < len; ++i) cipher[i] = data[i] ^ MY_KEY[i % 8];
    }
- Developers sometimes do use well established, certified crypto in their code... and then store the symmetric key in #define TOPSY_KRETTS.
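Why the XOR routine in the list above fails review, as an added example that is not from the original post: with a repeating key, ciphertext XOR plaintext equals the key, so any predictable 8 bytes of a message give the key away. The function names other than the page's routine (renamed `page_encrypt` here) and the sample message are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define MY_KEY  "lololol!"   /* the page's hard-coded key */
#define KEY_LEN 8

/* The page's routine (renamed page_encrypt here): repeating-key XOR. */
static void page_encrypt(const char *data, char *cipher, int len)
{
    int i;
    for (i = 0; i < len; ++i)
        cipher[i] = data[i] ^ MY_KEY[i % KEY_LEN];
}

/* cipher[i] ^ data[i] == key[i % 8], so any known plaintext bytes hand
 * back the key bytes at those positions. Returns how many were recovered. */
static int recover_key(const char *known, const char *cipher, int known_len,
                       char key_out[KEY_LEN])
{
    int i, n = known_len < KEY_LEN ? known_len : KEY_LEN;
    for (i = 0; i < n; ++i)
        key_out[i] = cipher[i] ^ known[i];
    return n;
}

/* Returns 1 if a guessable 8-byte header is enough to recover the key
 * and decrypt the whole message. The message is constructed sample data. */
static int key_leaks_from_known_prefix(void)
{
    const char msg[] = "HTTP/1.1 200 OK topsy kretts";
    const char known[] = "HTTP/1.1";
    char cipher[64], plain[64], key[KEY_LEN];
    int i, len = (int)strlen(msg);

    page_encrypt(msg, cipher, len);
    recover_key(known, cipher, KEY_LEN, key);
    for (i = 0; i < len; ++i)
        plain[i] = cipher[i] ^ key[i % KEY_LEN];
    return memcmp(key, MY_KEY, KEY_LEN) == 0 &&
           memcmp(plain, msg, (size_t)len) == 0;
}

int main(void)
{
    printf("key recovered from known prefix: %s\n",
           key_leaks_from_known_prefix() ? "yes" : "no");
    return 0;
}
```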
So what do we do about it? I have a secret 0day crypto algorithm I'm releasing right here:
    void secretz(char *source, *char dest, int len)
    {
        int i;
        if (len == 5)
            return;
        for (i = 0; i < len; ++i)
        {
            dest[i] = (((((((source[i] ^ 5) & 0xff) ^ i) & 0xff) ^ i) & 0xFF) ^ 5) / voodoo[i % infinity];
        }
        exit(1);
        return 4;
    }
That should do it. I'm pretty sure it's clownz.
Thursday, November 8, 2007