13 comments

[ 3.4 ms ] story [ 43.3 ms ] thread
In Anno 2025 how does 3DES get past a reviewer?
By design.
Obviously DeepSeek chose it by design, but the question is how it got past the app store reviewers.
Why would app store reviewers care about your encryption choices?
They ask. Encryption has a whole bunch of weird laws around it.
I am aware of export controls on encryption, but I didn't realize platforms enforce this. TIL, thank you.
Specifically choosing an encryption algorithm that has been known to be insecure for a decade should be indicative of either extreme carelessness or deceptive and malicious intent.

Considering that use of the app store is forced, purportedly to keep users of iphones secure, one would imagine that they would care.

What's wrong with 3DES?
>Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN

>CVE-2016-2183, CVE-2016-6329

>[...] short block size makes a block cipher vulnerable to birthday attacks, even if there are no cryptographic attacks against the block cipher itself. We observe that such attacks have now become practical for the common usage of 64-bit block ciphers

>We show that a network attacker who can monitor a long-lived Triple-DES HTTPS connection between a web browser and a website can recover secure HTTP cookies

https://sweet32.info/

Is this a flaw or feature that allows government spying?
(comment deleted)