
Not the Jabber/OTR thing. The decentralized nature of Jabber was pretty overblown, more something she wanted to be true and meaningful than something that actually was meaningful, but: whatever, it's 2011 at that point.

It's the OpenSSL command line that I'm taking issue with.



In the interest of learning, what's the issue with the OpenSSL command?


First, don't encrypt things directly with OpenSSL.

Second, they're using unauthenticated AES-CBC, so an attacker that knows what file format they're sending can flip bits to exploit bugs and pop calc.exe on them.

Third, reprising the first problem: using OpenSSL to encrypt means you're using OpenSSL's weak password KDF. In fact, I think the defaults when they were using this were single-iteration hash KDF; essentially: salted hashes.

This is like the one application where GPG actually still makes sense to use, and GPG is easier to use here than OpenSSL in addition to being safer.

OBVIOUSLY NONE OF THIS MATTERS. My issue with the article isn't "it recommends weak crypto". My issue is that despite the title, it isn't actually about crypto or surveillance or anything like that.


The article does this:

    > openssl aes-256-cbc -a -salt -in for-you.mp3 -out for-you.mp3.enc
Here's the KDF for that (in PHP):

    // OpenSSL's EVP_BytesToKey with MD5 and a single iteration (the 1.0.x default).
    // aes-256-cbc needs a 32-byte key plus a 16-byte IV, so three MD5 rounds are concatenated.
    $round1 = hex2bin(md5($pwd . $salt));            // D1 = MD5(pwd || salt)
    $round2 = hex2bin(md5($round1 . $pwd . $salt));  // D2 = MD5(D1 || pwd || salt)
    $round3 = hex2bin(md5($round2 . $pwd . $salt));  // D3 = MD5(D2 || pwd || salt)
    $key = $round1 . $round2;                        // 32-byte AES-256 key
    $iv = $round3;                                   // 16-byte CBC IV
It still defaults to that (I'm on Ubuntu 16.04):

    $ openssl version
    OpenSSL 1.0.2g  1 Mar 2016
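
The two complaints above (single-iteration MD5 key derivation and unauthenticated CBC) can be shown together in one program. The following Go code is an added example, not from the article or any commenter: it reimplements the `Salted__` blob layout and the MD5 EVP_BytesToKey derivation that `openssl aes-256-cbc -salt` used by default in 1.0.x, then runs two attacks on the result. The password `hunter2`, the fixed 8-byte salt and the toy "file" with an unparsed comment block are constructed inputs; the code is a reimplementation of the format, not a call into OpenSSL itself.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"errors"
	"fmt"
)

const saltedMagic = "Salted__"

// evpBytesToKey reimplements OpenSSL's EVP_BytesToKey with MD5 and one
// iteration: D1 = MD5(pwd||salt), Di = MD5(D(i-1)||pwd||salt),
// key||iv = D1||D2||... (three rounds cover AES-256-CBC's 32+16 bytes).
func evpBytesToKey(password, salt []byte, keyLen, ivLen int) (key, iv []byte) {
	var out, prev []byte
	for len(out) < keyLen+ivLen {
		h := md5.New()
		h.Write(prev)
		h.Write(password)
		h.Write(salt)
		prev = h.Sum(nil)
		out = append(out, prev...)
	}
	return out[:keyLen], out[keyLen : keyLen+ivLen]
}

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte(nil), b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// opensslEncrypt mimics the `openssl aes-256-cbc -salt` output layout:
// "Salted__" || 8-byte salt || AES-256-CBC(PKCS#7(plaintext)). No MAC anywhere.
func opensslEncrypt(password, salt, plaintext []byte) []byte {
	key, iv := evpBytesToKey(password, salt, 32, aes.BlockSize)
	block, _ := aes.NewCipher(key) // key is always 32 bytes here
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(append([]byte(saltedMagic), salt...), ct...)
}

func opensslDecrypt(password, blob []byte) ([]byte, error) {
	if len(blob) < 16 || string(blob[:8]) != saltedMagic || len(blob[16:])%aes.BlockSize != 0 {
		return nil, errors.New("not a well-formed openssl salted blob")
	}
	key, iv := evpBytesToKey(password, blob[8:16], 32, aes.BlockSize)
	block, _ := aes.NewCipher(key)
	pt := make([]byte, len(blob)-16)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, blob[16:])
	return pkcs7Unpad(pt)
}

// flipByte is the CBC malleability attack: to turn plaintext byte `off` from
// `have` into `want`, XOR (have^want) into the same position of the previous
// ciphertext block. No key is needed; the previous block decrypts to garbage,
// so the target should sit behind a block the consumer does not parse. Block 0
// is out of reach only because the IV is derived from the password, not sent.
func flipByte(blob []byte, off int, have, want byte) ([]byte, error) {
	if off < aes.BlockSize || 16+off >= len(blob) {
		return nil, errors.New("offset must be in plaintext block 1 or later")
	}
	out := append([]byte(nil), blob...)
	out[16+off-aes.BlockSize] ^= have ^ want // 16 = header, -16 = previous block
	return out, nil
}

// guessPassword shows the KDF cost: three MD5s and one CBC decrypt per guess.
// Wrong guesses are rejected by padding (about 1/256 false accepts) and by
// the known file prefix (an MP3 with tags starts with "ID3").
func guessPassword(blob []byte, candidates []string, knownPrefix []byte) (string, bool) {
	for _, c := range candidates {
		if pt, err := opensslDecrypt([]byte(c), blob); err == nil && bytes.HasPrefix(pt, knownPrefix) {
			return c, true
		}
	}
	return "", false
}

func main() {
	// Constructed inputs: fixed salt, toy file laid out so the field to alter
	// sits in block 2 behind a comment block nobody parses.
	salt := []byte{1, 2, 3, 4, 5, 6, 7, 8}
	plain := []byte("ID3 constructed " + "comment=ignored " + "amount=100;to=a")
	blob := opensslEncrypt([]byte("hunter2"), salt, plain)

	tampered, _ := flipByte(blob, 39, '1', '9') // the '1' of "100" is plaintext byte 39
	pt, _ := opensslDecrypt([]byte("hunter2"), tampered)
	fmt.Printf("after bit flip: %q\n", pt)

	pw, ok := guessPassword(blob, []string{"letmein", "password", "hunter2"}, []byte("ID3"))
	fmt.Println("dictionary attack:", pw, ok)
}
```

Run it and the recipient decrypts cleanly to a file whose amount reads `900`, with only the comment block garbled; the password falls to a three-entry wordlist after a handful of MD5 calls because nothing in the derivation slows the guesser down. A MAC over the ciphertext (or an AEAD mode) stops the first attack; a real password KDF such as PBKDF2, scrypt or Argon2 is what the second needs, which is what GPG's symmetric mode gives you and `openssl enc` did not at this version.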


Ow.


It's just a poetic title - Love in the Time of Cholera isn't about epidemiology either.



