Monday, October 17, 2022

Flunking Cryptography 101


The revelation that Microsoft Office uses ECB (electronic codebook) mode for its encryption (not just now but as far back as 2010) is stunning. If you've read a book on cryptography, then you would know better than to use ECB mode. If you haven't read a book on cryptography, then what the heck are you doing writing the crypto code in something as important as Microsoft Office?

How do you put someone so green in such a position? Alternatively, if it wasn't a mistake, if it wasn't a matter of a lack of experience (because the failings of ECB were widely known long, long before the creation of Office 2010 - I knew about it in university in the 90s) then could this have actually been a kind of backdoor?