On Thursday 01 November 2007, Peter Hackett wrote:
> It seems like this conversation isn't taking into account the
> suggestion. The code is *really* small (and seems to be reasonably easy
> to understand.) So small that I'll include it here:

Yes, according to Wikipedia the algorithm seems to be sufficient for the
purpose. I would not recommend using it under any other circumstances. A
strength of 32 bits is clearly not enough for any serious encryption.

A few warnings about the code you provided:
1) you should use quint32 instead of unsigned long, otherwise it will not
work on 64bit systems (e.g. some Windows versions on x86_64 hardware(*)).
(*)Never say never! The next system is just one compile away and when it is
time for it, it needs to be done within a day - the customer wanted it last
week and is already calling every hour or so.
Better add this to your code to be warned:
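// sizeof cannot be evaluated in #if, so fail at compile time with a negative array size:
typedef char no_pure_32bit_integer_available[sizeof(quint32) == 4 ? 1 : -1];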
2) It requires some skill in coding, since it works in blocks of 64bit with
32bit words. Simple pointer conversion will not work and length should be
checked! Hint: QByteArray works with unsigned chars which become very nasty
if they contain non-ASCII characters (>=0x80) and are converted to bigger
3) It is a block cipher. Hence it needs an end-marker. If NUL-bytes (0x00)
are not allowed in passwords this would be the easiest marker, otherwise
cryptographic protocols usually append 0x80 to the clear data and fill the
remainder of the block with 0x00 bytes - this way you can look from the
back, throw away all 0x00 bytes until 0x80 is reached, throw away 0x80 as
well and use the remainder.
4) You should follow the Wikipedia link to the test vectors and use them on
your implementation on all your target platforms in order to make sure you
did not make any mistakes.
All this does not need extraordinary knowledge in cryptography, but at least
a bit of experience which I would not like to gain on a work project that
needs to be done yesterday... ;-)
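
The end-marker padding from point 3 and the byte-to-word conversion from point 2, as an added example that is not part of the original message and does not include the cipher itself. It assumes standard C++ types in place of the Qt ones (std::uint32_t for quint32, a std::vector<unsigned char> for QByteArray) so it builds without Qt; the function names and the big-endian word order are also assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

typedef std::vector<unsigned char> Bytes;
const std::size_t kBlock = 8;  // one 64-bit block = two 32-bit words
static_assert(sizeof(std::uint32_t) == 4, "No pure 32bit integer available!");

// Point 3: append 0x80, then fill the rest of the block with 0x00.
Bytes pad(const std::string &clear) {
    Bytes out(clear.begin(), clear.end());
    out.push_back(0x80);
    while (out.size() % kBlock != 0) out.push_back(0x00);
    return out;
}

// Look from the back: skip 0x00 bytes, require 0x80, keep what precedes it.
std::string unpad(const Bytes &padded) {
    if (padded.empty() || padded.size() % kBlock != 0)
        throw std::invalid_argument("length is not a whole number of blocks");
    std::size_t i = padded.size();
    while (i > 0 && padded[i - 1] == 0x00) --i;
    // The marker must exist and must lie inside the last block.
    if (i == 0 || padded[i - 1] != 0x80 || padded.size() - i >= kBlock)
        throw std::invalid_argument("end marker 0x80 not found");
    return std::string(padded.begin(), padded.begin() + (i - 1));
}

// Point 2: build each 32-bit word from unsigned bytes. Widening a plain
// (possibly signed) char >= 0x80 would sign-extend and corrupt the word.
std::uint32_t loadWord(const Bytes &b, std::size_t off) {
    return (std::uint32_t(b[off]) << 24) | (std::uint32_t(b[off + 1]) << 16) |
           (std::uint32_t(b[off + 2]) << 8) | std::uint32_t(b[off + 3]);
}

// Split padded data into words; big-endian order is an assumption here.
std::vector<std::uint32_t> toWords(const Bytes &padded) {
    if (padded.size() % kBlock != 0)
        throw std::invalid_argument("length is not a whole number of blocks");
    std::vector<std::uint32_t> words;
    for (std::size_t off = 0; off < padded.size(); off += 4)
        words.push_back(loadWord(padded, off));
    return words;
}
```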