Hacker News new | ask | show | jobs
by 1970-01-01 145 days ago
It means you should not use it for anything important, because it can be decrypted by the public with little effort. If you look back, it has been this way for quite awhile. My gripe is with the clickbait title 'Break Me If You Can'

https://nvd.nist.gov/vuln/detail/cve-2016-2183
2 comments
tostrstrudel 145 days ago
BREAKMEIFYOUCAN! is the default factory key programmed into every MIFARE Ultralight C chip by NXP.
link
1970-01-01 145 days ago
Ok that makes much more sense.
link
tptacek 145 days ago
How exactly would you decrypt a 3DES ciphertext "with little effort"?
link
1970-01-01 145 days ago
It's supported in hashcat
link
some_furry 145 days ago
Is this a bit?
link
1970-01-01 145 days ago
Have you tried it?
link
some_furry 145 days ago
We're talking about symmetric ciphers and you're talking about password cracking software.

Triple-DES has 168 bit keys. Even if you use a meet-in-the-middle attack, your attack cost has an exponent of 112 (with an associated memory cost with an exponent of 88).

That's not practically exploitable today.

If you think I'm wrong, here's a single block message encrypted with 3DES, then hex-encoded. Have fun:

  924db449f52ea976
But really, the bigger problem is Sweet32.
link