Posted by Jochem Maas on 10/10/56 11:05
Greg Donald wrote:
> On Wed, 12 Jan 2005 18:09:08 +0100, Jochem Maas <jochem@iamjochem.com> wrote:
>
>>I'm no expert on crypto (and never will be either! designing good crypto
>>is something best left to the very very very very best in terms of
>>computer science) but I think that the following function represents
>>very weak crypto -
>
>
> Feel free to not use it then.. geez.
I should have emphasized the 'i think' part - i.e. I don't know for sure
either way (and I ain't gonna spend time finding out), I wasn't dissing
you or your work...
what I was trying to do was to point out to people less capable than you
(e.g. not capable of writing functions like that) that writing good
crypto is HARD (like 6-people-on-the-planet-can-do-it-properly
-and-the-rest-are-faking-it-HARD) and f***ing it up is oh so easy.
Even using crypto correctly takes lots of effort, and it's not easy to
do properly.
>
>
>>which may very suffice, but one thing that could make
>>the whole lots fall apart is the fact that the key is kept in the
>>function itself - imagine the server has auto source-highlighting for
>>php files (when you add an 's' to a filename), if so anyone can readout
>>your key!
>
again I was merely trying to point out to less experienced PHPers that
there are lots of pitfalls.
>
> Imagine a world where there were no inexperienced sysadmins.
>
<JUST-CANT-RESIST>
Imagine a world where _certain_ (elite) Americans didn't feel the need
to impose their 'freedom' and 'ideals' on everyone else, where money
isn't the driving force and materialism isn't the new religion, where
250,000 children don't service the sexual needs of perverted middle-aged
white men on a daily basis and 3 billion people don't live below the
poverty just so that 2% of the global population can live in the lap of
luxury.
"Imagine all the people", Greg, and shove your inexperienced sysadmins
right up your....
</JUST-CANT-RESIST>
>
>>oh and Greg, you may just have told the world the key that you are
>>actually using!
>
>
> I made that one up just for the post. And even if I didn't.. good
well I didn't have my psychic hat on today ;-)
> luck finding the data.
I think I'll go play with my son instead.
>
>