Defeating AES Without a PhD

/defeating-aes-without-a-phd 2013-01-22T11:12:15+00:00

When I tell a developer that I broke their cryptosystem, there’s usually a pregnant pause in the conversation where they take it in, like a young child being shown a magic trick. As the initial wonder passes, though, they are not usually elated.

“I thought AES was safe. What should I use instead?”

Sorry, but AES isn’t the issue. AES, despite its very minor known flaws, isn’t considered unsafe as of this writing. 6-inch thick steel walls are difficult to break through, but that’s not generally how you get past steel walls. One goes around, under, above them, not through.
Defeating AES without a PhD - SpiderLabs Anterior

Interesting little piece on decrypting what appears to be a well encrypted parameter. If you're a web developer who's passing encrypted data around through parameters, take note of the post-mortem section.

Copyright © 2005 - 2018 Colin Seymour All rights reserved. Privacy Policy.
Check out the feed if you do the RSS/Atom thing.