Sunday, June 7, 2009

Next Time I Write A Crypto SSO Module

Uh, yeah, right -- the next time I write a crypto SSO module I'll be sure to keep this Matasano post in mind. Um, right after I resolve the whole particle wave theory thingy.

CONFERENCE PHONE: So how’d he do?

THOMAS PTACEK: Pretty much aced it.

MIKE TRACY: What? He bombed the cookie part. He used ECB, MD5, and Triple DES!

THOMAS PTACEK: I’m impressed that he could spell ECB, MD5, or Triple DES. And it wouldn’t have mattered if he had used CBC, SHA-256, and AES-256. His code still would have been broken.

CONFERENCE PHONE: How so?

THOMAS PTACEK: He didn’t authenticate the message. Encryption isn’t —-

MIKE TRACY: (Chanting) Encryption - isn’t - authentication.

CONFERENCE PHONE: Don’t you mean integrity?

THOMAS PTACEK: No, Dave, I mean authentication. They’re called message authentication codes.

THOMAS PTACEK: There’s no way any programmer is ever going to get this stuff right.

NATE LAWSON: Professional crypto people don’t even get this stuff right. But if you have to encrypt something, you might as well use something that has already been tested.

THOMAS PTACEK: GPG for data at rest. TLS for data in motion.

NATE LAWSON: You can also use Guttman’s cryptlib, which has a sane API. Or Google Keyczar. They both have really simple interfaces, and they try to make it hard to do the wrong thing. What we need are fewer libraries with higher level interfaces. But we also need more testing for those libraries.

THOMAS PTACEK: Like I’ve been saying, if you have to type the letters “A-E-S” into your source code, you’re doing it wrong.

No comments:

LinkWithin

Related Posts with Thumbnails