We are so used to all the jokes about programmers re-using online code and copypasting stuff from StackOverflow all the time that we sometimes forget about a sad reality – lots of public code is being copied blindly, and ‘if it works’, it more than often makes it to a production level… yes… including code that is incorporated into release build and signed binaries.<\/p>\n\n\n\n
This brings a lot of interesting side-effects:<\/p>\n\n\n\n
The main topic of this post is the item #2 on the above list: <\/p>\n\n\n\n
– crypto primitives re-use.<\/p>\n\n\n\n
After poking around en masse<\/em> in a large number of ‘good; samples I discovered that many of these samples re-use the AES crypto routines that rely on the following two primitives:<\/p>\n\n\n\n This is not a coincidence – you can find code instances that refer to this combo here<\/a>. Programmers don’t know what to change in this code and they just embed it as it is. Bad and pretty big mistake. <\/p>\n\n\n\n There are many more examples like this and I may list them some time in the future.<\/p>\n","protected":false},"excerpt":{"rendered":" We are so used to all the jokes about programmers re-using online code and copypasting stuff from StackOverflow all the time that we sometimes forget about a sad reality – lots of public code is being copied blindly, and ‘if … Continue reading