Re: Data Encryption


 



Greg Donald wrote:
On Wed, 12 Jan 2005 18:09:08 +0100, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:

I'm no expert on crypto (and never will be either! designing good crypto
is something best left to the very very very very best in terms of
computer science) but I think that the following function represents
very weak crypto -


Feel free to not use it then.. geez.

I should have emphasized the 'i think' part - i.e. I don't know for sure either way (and I ain't gonna spend time finding out), I wasn't dissing you or your work...


what I was trying to do was to point to people less capable than you (e.g. not capable of writing functions like that) that writing good crypto is HARD (like 6-people-on-the-planet-can-do-it-properly-and-the-rest-are-faking-it-HARD) and f***ing it up is oh so easy.
Even using crypto correctly takes lots of effort, and it's not easy to do properly.




which may very suffice, but one thing that could make
the whole lot fall apart is the fact that the key is kept in the
function itself - imagine the server has auto source-highlighting for
php files (when you add an 's' to a filename), if so anyone can read out
your key!


again I was merely trying to point out to less experienced PHPers that there are lots of pitfalls.



Imagine a world where there were no inexperienced sysadmins.


<JUST-CANT-RESIST>
Imagine a world where _certain_ (elite) Americans didn't feel the need to impose their 'freedom' and 'ideals' on everyone else, where money isn't the driving force and materialism isn't the new religion, where 250,000 children don't service the sexual needs of perverted middle-aged white men on a daily basis and 3 billion people don't live below the poverty just so that 2% of the global population can live in the lap of luxury.
"Imagine all the people", Greg, and shove your inexperienced sysadmins right up your....
</JUST-CANT-RESIST>



oh and Greg, you may just have told the world the key that you are
actually using!


I made that one up just for the post. And even if I didn't.. good

well I didn't have my psychic hat on today ;-)

luck finding the data.

I think I'll go play with my son instead.




-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

