Sloppy's Journal: Dumbly named constants

When you're looking at the docs for a cipher library, and one of the block feedback modes is called MODE_PGP, you just ass/u/me that using this mode, will cause the cipher to use OpenPGP's weirdo variation on Cipher FeedBack, right? Right?

But I kept getting nonsense outta my decrypter. Is my session key messed up? Nope. Was I actually supposed to fill in the IV with something other than zeros? Nope, the spec is clear. Ok, let's look at GnuPG's source and see how it does things. Yeah, ok, your code looks like it does the same thing as mine. Eh, maybe the cipher just has a bug. Let's try testing with the same library's Blowfish instead of AES. Nope, that doesn't work either. Finally I check the damn cipher library's source code, and I don't understand what the MODE_PGP stuff is trying to do. So I check RFC2440 again, to make sure I understand what I'm looking for. Then I check the source again. I don't get it -- I see no relationship at all.

Gee, dude, thanks for calling it MODE_PGP when it obviously has nothing to do with PGP. I only wasted two nights on this...

Debugging crypto is no fun!

[John Harrison]

I have bandged my head against 3DES key derivation schemes for literally weeks at a time. All you know is that your output isn't what it should be but you have no idea where you went wrong. Step 1? Step 100? Oh you mean this spec is wrong? Well then why did you send it to me?

Re:Debugging crypto is no fun!

[Cyberdyne]

I had something similar a few years ago in Java, but since I was only doing that for "fun", I just gave up and used a C version instead.

A dumber constant still, however, has to be an elderly Visual Basic engineering calculation application, in which there was a constant named PI - with a value along the lines of 3.14279 - which was then used as pi in some trig approximations. Since it had been written as a bespoke job for a client, who demanded source code - which was provided in an encrypted ZIP file, no