[Cryptography] Crypto RNGs in 2019
From another security list:

> So I wanted to encrypt some files. Thought about using 7z+password. Stackexchange folks said "Didn't review it but it should be fine. You can browse the code yourself". So I did. After a few mins I noticed they use 8-byte "random" IV. Yes, half of IV is zeroes. But it gets worse. [...] I thought about reporting this at 7zip Sourceforge forums but then I vomited again when I saw a long thread of largely incoherent exchanges on how 7z should be using Twofish instead of AES-256 because obviously NSA backdoored AES back in 2001 didn't you hear
>
> https://threadreaderapp.com/thread/1087848040583626753.html

The post closes with a good summary of how a lot of current crypto works:

> Seems typical of crypto/security code reviews in general - a bunch of folks fighting over which hipster encryption/hashing/signing algos to use, while overlooking the most obvious vulns and holes visible to anyone with half a brain and a few mins to spare.

Peter.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
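The IV defect described in the quoted post (8 random bytes in a 16-byte AES-CBC IV, the rest fixed at zero) is exactly the kind of thing a reviewer can catch by sampling an implementation's IVs and looking for byte positions that never change. The following is an added example, not code from the thread or from 7-Zip; the sample IVs are constructed here to mimic the described scheme, and which half is zero is an assumption.

```python
import os
from typing import Sequence

AES_BLOCK = 16  # CBC mode needs a full 16-byte unpredictable IV for AES


def constant_byte_positions(ivs: Sequence[bytes]) -> list[int]:
    """Return byte offsets whose value is identical across all sampled IVs.

    With more than a few samples of a properly random IV, the chance that
    any position is constant is negligible, so a non-empty result means
    part of the IV is fixed (zero-padded, counter-free, hard-coded, ...).
    """
    if not ivs:
        raise ValueError("need at least one IV sample")
    n = len(ivs[0])
    if any(len(iv) != n for iv in ivs):
        raise ValueError("all IV samples must have the same length")
    return [i for i in range(n) if len({iv[i] for iv in ivs}) == 1]


def effective_iv_bits(ivs: Sequence[bytes]) -> int:
    """Upper bound on IV entropy: 8 bits per byte position that varies."""
    return 8 * (len(ivs[0]) - len(constant_byte_positions(ivs)))


def log2_iv_repeat_bound(ivs: Sequence[bytes]) -> int:
    """log2 of the number of encryptions under one key after which an IV
    repeat becomes likely (birthday bound: half the effective bits)."""
    return effective_iv_bits(ivs) // 2


def make_half_random_ivs(count: int) -> list[bytes]:
    """CONSTRUCTED sample mimicking the post: 8 random bytes, 8 zero bytes."""
    return [os.urandom(8) + bytes(AES_BLOCK - 8) for _ in range(count)]


def make_full_random_ivs(count: int) -> list[bytes]:
    """CONSTRUCTED control sample: a full-width random IV."""
    return [os.urandom(AES_BLOCK) for _ in range(count)]


if __name__ == "__main__":
    for label, ivs in (("half-random", make_half_random_ivs(64)),
                       ("full-random", make_full_random_ivs(64))):
        print(label, "fixed bytes at", constant_byte_positions(ivs),
              "effective bits", effective_iv_bits(ivs),
              "repeat likely after 2^%d encryptions" % log2_iv_repeat_bound(ivs))
```

Sixty-four samples suffice: a genuinely random byte position stays constant across 64 samples with probability 256^-63, so any reported offset is a real fixed field.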
On 2/3/2019 6:07 PM, Peter Gutmann wrote:
> The post closes with a good summary of how a lot of current crypto works:
>
> Seems typical of crypto/security code reviews in general - a bunch of folks
> fighting over which hipster encryption/hashing/signing algos to use, while
> overlooking the most obvious vulns and holes visible to anyone with half a
> brain and a few mins to spare.

So it seems that little has changed in the past two decades.

--
Give a man a fire and he's warm for a day, but set | Tom Weinstein
him on fire and he's warm for the rest of his life.| tomw@ryleth.com