by susam
445 days ago
I have encountered my fair share of in-house RC4 implementations from the 90s. Every single one of them was vulnerable in some way. They suffered from all kinds of issues: improper IV initialisation, predictable keystreams, and even partial leakage of plaintext into ciphertext. RC4's deceptively simple specification made it enticing to implement, giving developers a false sense of confidence and security. As another example, Microsoft Outlook 2003 infamously used CRC32 to "hash" the personal folder (.PST) passwords: <https://www.nirsoft.net/articles/pst_password_bug.html>. Naturally, it was trivial to find a CRC32 checksum collision and open someone else's PST. Thankfully, the industry has come a long way since then. These days, rolling your own cipher is, quite rightly, considered a red flag!

Bonus marks for when the key was also "<Product>Key".