|
|
|
|
|
|
by bob1029
1262 days ago
|
|
|
> This prompted South Korea to develop their own cryptographic solutions. I've had an opportunity to interact directly with Korean security culture in my time working for Samsung. I am sure there exists more secure examples out there, but I saw some extremely bad practices like trivially-reversible password shuffling used throughout the entire org. Anyone with access to a certain manufacturing database and knowledge of a particular stored procedure could immediately reverse all passwords and typically use them to go sideways into other engineering/facility systems. They always seemed substantially more interested in the theatrical aspects of security than focusing on any first principles. Lots of time was spent talking about reactionary crap like a fleet of hardware ARP sniffers installed throughout the network. Not a lot of time was spent talking about PBKDFs, system boundaries and determinism. |
|
|
- https://en.wikipedia.org/wiki/SEED - https://en.wikipedia.org/wiki/ARIA_(cipher)
Of course, it's close to technology debt now.