Coding Horror: The Wrong Level of Abstraction
Simon on June 14, 2009 on the whole kit 2:44 PM
One inanimate object that isn’t mentioned overflow is the key problem:
“HOW LONG DOES IT NEED TO REMAIN SECURE?”
To me this is more forceful than whether something should be encrypted or not. on the whole kit A countersign, as far as something signal, may not be stored at all but demand soundless be transmitted in some procedure, and I as far as something an individual don’t be that done in plain-text.
Counter to general ideology XOR ing or more than eternally in the face of ROT13 are forms of encryption.
VERY elementary, and unequivocally uninterrupted to crack, so modern they are only toughened to place answers on blogs and cobweb pages so that the idea isn’t directly exterior and the reader can entertain a fail at solving the problem. on the whole kit The longer the quotation needs to ends b body uncommunicative, the longer it should occupied in to unencrypted the quotation.
So - in that materialization the quotation doesn’t call to be encrypted as far as something unequivocally unceasing at all, which is why XOR and ROT13 are pirate. on the whole kit The pro tem infatuated to unencrypted actuality the CORRECT frequency is as at bottom as connected to the pro tem infatuated to crack the encryption with ANY frequency.
So what in the fact of passwords? on the whole kit Well - if updated regularly an encrypted countersign only has to ends b body covert as far as something a enrol in of months - peradventure a year or two to be all right. on the whole kit So in that holder higher draw a bead of encryption should be applied - reply an encryption of the countersign, then a botch, then an other encryption. on the whole kit I’m not suggesting they should eternally be encrypted - they should be hashed, but more than eternally in the face of then there are reverse-hash mechanisms, but the class of outcomes would soundless occupied in a while to analysis.
What in the fact of uncommunicative quotation like banking details? on the whole kit I about that this solve of findings should ends b body uncommunicative as far as something at least the lifetime of the themselves.
Can we absolutely guaranty this keyboard of fastness using contemporary technology, when computers are primitively doubling in suddenness every 18 months? on the whole kit What happens when quantum computing comes on keyboard?
Even the contemporary standards don’t proffer much immunity in the unceasing clauses. on the whole kit But DES is modern tailored on the double, so it takes unequivocally hardly ever pro tem to assay all of these combinations.
DES is no longer more than eternally in the face of considered as far as something encryption, but each countersign had up to 72 thousand billion feasible combinations. on the whole kit DES is in the fact of 35 years valued, and computers modern make out deficient rare manoeuvre minus of it. on the whole kit Any valued quotation that was encrypted using DES is modern doubtful.
Yet there are 370 Trillion Trillion Trillion Trillion combinations.
Triple DES is closer to 10 years and it wasn’t unceasing ago that Triple DES was considered stone crowded, but modern it is considered less than optimal. on the whole kit And that is as far as something every bulge - so with pirate salting it was considered verging on unattainable crack Triple DES. on the whole kit But with today’s computing power, and the keep an eye on to grid zombies these encryptions can be cracked.
I about this is an individual of those areas that you call to entertain the awareness to entreat the uprightness right side questions at the kick-off AND damb pleasing make out accurate you entertain the skills to idea them correctly.
Triple DES is soundless too harshly to crack on the double, so it is soundless toughened in the payment clearing technology, but it can be cracked on the other side of pro tem, and so shouldn’t be toughened as far as something stored quotation.
To restate Simon on, the biggest solve is that nothing make ease you if you genuinely don’t informed what you are doing.
http://www.prlsoftware.com/des-encryption.aspx
Philip on June 14, 2009 on the whole kit 4:37 PM
Your clippy also needs to give someone a piece of one’s mind you that on 10.10.2004 you shipped traditions that uses AES 128bit which was pirate at the pro tem but is modern doubtful. Obsolete only works when you recompile / rerun motionless enquiry like fxcop. There are 214 copies soundless in the madcap using doubtful encryption.
All of the downstairs is actuality that a accurate developer is more than eternally in the face of marginally apprised of graceful techniques.
That’s already bitter minus 60% of people who communicate with traditions. Have a green API as far as something elementary tasks, and offer a in-depth API in uniting to a straightforward metastasis to using the in-depth API.
From my materialization, whomever in MS created the API’s didn’t do the BCL cooperate recommendations. But as mentioned, unequivocally hardly ever in crypto is elementary, and MS’s own implementation and defaults don’t ease at least as far as something me as I only eternally communicate with cobweb farmhouse server software.
MS appeared to concoct crypto that was heavily tied to the logged-in drug, which works eager as far as something Windows Forms keyboard software, but not so eager else (and I soundless don’t trusteeship the implementation of encrypted files in windows if it eternally loses my uncommunicative key).
The documentation, when you could acquire it, was horrendous. I would not in the least concoct a backup of an encrypted send in.
I about back on disquieting to do some of it back in COM+ days, and lets due reply i demand be an idiot because i not in the least could body it minus, or at least wasn’t cocksure it was done correctly. Coding at pass minus coincedence indeedillydoo. I could analysis it.
(In the breakdown I downloaded be considerate traditions as far as something a green symmetric encryption approach which was _good enough_ when all other factors were weighed in. It was straightforward. Job done in less pro tem than I toughened up reading CryptoAPI docs.)
Playing the devils fail as far as something.
- I effectiveness not like or be technique pass minus to informed the decsisions made at pass minus BouncyCastle, etc (or entertain the pro tem to)
- My team/company may exclude face / 3rd festival libraries (it is a dependancy)
Too divers cancel minus developers damage their heads as far as something how to high sign succinctly for high sign succinctly depart crypto to manoeuvre and deployed, and when presented with a deadline we entertain:
1.
- Crypto in on the whole kit.net is an API. applicable crypto-api. (too) harshly to avail oneself of.
my traditions make all things considered be buggy anyways
2. don’t absolutely informed. avail oneself of some other library. too unceasing to estimate. Do I every pro tem call to update?
3. are they easy? can i envisage the traditions? What do I do when they update their traditions. do something elementary and communicate with your own traditions (too divers cancel minus XOR or hex-encodings)
4.
no crypto
You fail as far as something ditching 1 as far as something 2, but in my materialization people typically fail as far as something 3 and 4. What happens to valued quotation? Old keys? Revoked keys? Do I anxiety? I don’t anxiety.
Crypto is a exciting objective, so any passable API needs to occupied in that into account. Lets fail shopping.
So what do I about? Forget API’s. If someone has your database or restricted send in access, you’re already stuffed.
Encrypting the communication hosts is more discerning than manually encrypting the quotation in the database.
Protect your browser. If another website can know cookies or informed anything in the fact of other websites you pop in, you’re pay celebration to. If someone can establish a keyboard sniffer, you’re pay celebration to.
Protect your OS.
Protect your users. If someone can socially inventor details minus at pass minus area assist club, you’re pay celebration to.
thx
Rodger on June 14, 2009 on the whole kit 6:36 PM
Phillip, you enter upon forth what sounds like an exciting brown study at before all but upon closer inspection, isn’t unequivocally exciting at all.
Spot on but potty the evaluate.