“We don't need to break DES, because the implementations are so poor”
A surprising quote from the NSA? When I majored on this stuff DES was safe. However DES has been cracked/hacked and is considered unsafe nowadays (That’s why they use things like tripleDES). For the record: the DES algorithm is often implemented in hardware because it outperforms the software implementations by a factor. I wouldn’t call these hardware implementations pour. BTW: the security requirements of DES were kept secret by instigation of the NSA!
in reply to Re: Storing credentials in a cross-platform binary file?
in thread Storing credentials in a cross-platform binary file?
I think the quote referenced was actually talking about the fact that most times expensive crypto breaking is the hard route to take when looking for the data -- most times there are other simple paths to take to get at the data. The systems implementation, procedure and policy usually left gaping holes to exploit before needing to crack the crypto.