Looking for a Triple DES implementation

Derek Atkins warlord-DPNOqEs/LNQ at public.gmane.org
Thu Jun 14 17:51:59 EDT 2007


"David Kramer" <david-8uUts6sDVDvs2Lz0fTdYFQ at public.gmane.org> writes:

>>>> Also, what MODE are you using?  CFB?  CBC?
>>>
>>> ECB
>>
>> So you're only encrypting something less than 8 bytes long?
>
> No, it's 23 bytes long (24 with padding).
>
> From what I read online (I've been doing that a lot since I sent my first
> email on the subject), ECB mode can encrypt strings more than 8 bytes
> long, it just does it one 8-byte block at a time.  I assume they get
> concatenated or something.  This is why the padding is important.  But I
> would be happy to be told I'm wrong here.

The problem with multi-block ECB is that there's nothing tying the
blocks together.  Each cipherblock is completely independent.  For
example, if your message said something like:

  transfer $10
  |1234567|123XXXX

I could change it to:

  transfer $10000

All I need to do is somehow get you to encrypt the string " $10000"
and then I can cut-and-paste it into your transfer message and viola.
If, however, you were using CFB or, better yet, CBC, then the different
blocks are actually tied together and two encryptions of " $10000" would
actually result in different ciphertexts, so you aren't subject to this
attack.

>> And this code proves to me that this guy should be fired on the spot,
>> or at least be removed from doing anything related to security.  It's
>> guys like this that write security snake-oil.
>>
>> * throws up his hands in complete disgust *
>
> I found out this morning that he basically found some code on a website
> somewhere and pasted it into his code.  He didn't really understand the
> code himself.  I won't go so far to say that it's a fireable offense (I
> prefer Double Secret Probation, AKA code reviews).  I copied code to get
> the PHP side working, but I copied it from the PHP website, and I looked
> at the documentation for each of the functions so I knew what the code
> did.

Not understanding security code is a BIG no-no, and IMNSHO should be
a firable offense.  If you don't understand, you should ask someone
or find someone who does.   Granted, I've been in the software security
industry since before such an industry existed (I've been in Security
since 1990), so I'm perhaps a little biased.  I've been paid upwards of
$400/hr to fix these kinds of problems after companies have lost real
money due to poor use of cryptography.

> I investigated his code further, and found he was running the output
> through Base64 to get printable characters.  I then read up on what PKCS7
> padding was.  PHP already has a Base64 function, and implementing KKCS7
> took 10 minutes.
>
> Now my output matches his, and I'm all set.  I do appreciate your help. 
> Thank you.

I'm glad you got it working, but my free advice is to change from ECB
to CBC and use an IV.

Good Luck,

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord-DPNOqEs/LNQ at public.gmane.org                        PGP key available

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.






More information about the Discuss mailing list