Schneier on Security
A blog covering security and security technology.
« Cyberwar is Overhyped |
| Brute-Force Safecracking »
January 21, 2011
Blowfish in Good Time Max
This screen shot is from the movie "Good Time Max." 17 minutes and 52 seconds into the movie, it shows Blowfish being used as an encryption algorithm.
Posted on January 21, 2011 at 2:36 PM
• 40 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Hmm, might have to see it now:
"Two genius brothers grow up and grow apart as one becomes a successful surgeon and the other pursues a drug-fueled high life"
Ah, but which one resorts to Blowfish?
Ugh, who wrote that code and why didn't they use a #define for the buffer sizes?
That was four years ago! I thought those kind of things were found in days in this day and age.
Key takeaway: to get your tech into the movies, give it a cool name.
It would probably make my day if one of the Resident Evil movies had used Rot-13 encryption somewhere.
There's a buffer overflow in your source
Memeset? What the heck is that? (Second one from the top.)
Also, in addition to #defining the array lengths, the memsets should depend on the size of the array, not the length.
Memeset. You know, when you want to fill your buffer with the latest meme on the internet. The integer argument is actually how many years back to look.
For example, a few years ago the filled buffer would be:
How is babby formed? How a girl get pragnent.
Ten years ago: All your base are belong to us.
Your homework: provide a value for the second argument that will return: The cake is a lie.
Hungarian notation and a status bar that appears to be consistent with a certain MS IDE.
I am disappoint
@gabriel - absolute genius. the only problem is if memeset goes viral and then becomes recursive.
I, for one, welcome our new memeset-using overlords.
I wonder if the person who wrote this actually got paid for it. I don't think I'd hire him/her. Then again, it's nice to see some real-life stuff popping up once in a while in a motion picture. The blowfish-reference must at least have made somebody happy, pretty much like Fyodor is always absolutely thrilled whenever NMAP shows up in yet another movie (Die Hard 4, The Matrix Reloaded, The Bourne Ultimatum etc.).
"That was four years ago! I thought those kind of things were found in days in this day and age."
I don't get out much.
Bruce, perhaps for your next cipher, the license should require any movie makers to notify you when they mention your cipher. Also attribution in the end credits, even in a modest manner. You know, somewhere before the lead actor's name.
Good thing it wasn't written in Python.
Wouldn't have been enough code to notice.
I am lobbying Hollywood for a Chuck Norris movie in which he cracks Blowfish.
@prohias: don't you know? While developing twofish, Bruce consulted Chuck Norris on improving blowfish. Chuck Norris kicked blowfish, and after it circled the world 7 times, it was transformed into what we now call twofish. Perviously scientists and engineers had known about his ability to form physical objects using a kick, see the sphinx and mt rushmore. After this experiment, it was confirmed that Chuck Norris kicks also had the power to shape algorithms.
Sorry, couldn't resist myself.
The notion of Chuck Norris cracking blowfish is about as absurd as Stephen Hawking taking Capitol Hill by force using nothing more than a machete.
Dirk: you're definitely not from around here :). Chuck Norris can crack anything. Even quantum key distribution. That's why we're glad he's on our side.
When Chuck Norris cracks crypto, it also snaps and pops.
Just had a look. I stand corrected 8-)
So who do you want to play *you*, Bruce?
And where be the Fri Squid update, Mr Bruce 'Squidward' Schneier??
"When Chuck Norris cracks crypto, it also snaps and pops"
Shouldn't that be,
"... breaks crypto, it also snaps, crackles and pops"
You have to give the puffed up hackers their rice bowl ;-)
I guess "blowfish" in a movie is less noticeable than "nmap" in a movie.
But the Matrix series was definitely a geek-oriented movie, while this one is not quite. And "nmap" was used for its purpose, to find a weakness in a network and exploit that weakness.
Still, that makes me wonder...who provides technical support to movie screenwriters? Why do only a few movie screenwriters/directors care about this level of technical detail?
In this "movie", could we get Chuck to say something to Bruce such as: "ah Master, your Kung Fu is the best!"
I've always wondered in using Twofish-256 as choice for Truecrypt would help because I bet most people pick AES-256, so the brute force will shirley go for that first.
How's this: "Going for every possibility is Brute Force. Analysing the problem using your knowledge and experience is Bruce Force."
@karrde: "Why do only a few movie screenwriters/directors care about this level of technical detail?"
Obviously, because very few members of the audience will notice or care. Some filmmakers occasionally put in a little extra effort for authenticity, and sometimes they get some kudos from the geek world for it. It doesn't sell movie tickets though.
What is more annoying is that movie makers distort everything the way they distort computer technology. Its just easier to overlook it when its not an area you're an expert in. Doctors probably cringe when they see emergency medical procedures in a movie. And unlike journalists (who routinely mangle the details of technical stories), the movie makers are doing it deliberately! If the goal of the movie is to entertain, they have to take boring things (like computer security) and make them seem glamorous somehow. So movie computers always have user interfaces that are for the benefit of the audience, rather than the benefit of the users.
Chloe cracked Blowfish on 24, and then, mysteriously the 24 was never renewed.
In the Nikita Remake, Birkhoff is about to pull off a great hack, the writers are only waiting to find out who wins the SHA 3 finals ... ;-)
Hey look, memeset(buffer, 2) will fill your buffer with Chuck Norris facts.
That's the problem with code, without comments you have no idea.
I don't think it's "meme" set, but "Me! Me!" set, which includes the likes of Hilton, Lohan, Snookie, etc.
@TS: God help us if that's the case!
"... the movie makers are doing it deliberate! If the goal of the movie is to entertain, they have to take boring things (like computer security) and make them seem glamorous somehow"
You mean your "Comp Sec" job is boring and unglamorous?
I actually know someone who claimed he took on the job of sorting out "user passwords" at a south of the river London Universities business school just to get to know the female students...
Whether true or not he certainly went out with quite a few of them.
I remember a movie where the doctors in the hospital gave up after a patient went into ventricular fibrillation, but when a patient flatlined they shocked him.
For those who don't know, the purpose of the shock (Defibrillation) is to stop the heart and hope it restarts correctly. It's used for ventricular fibrillation (among others), and does nothing for a totally stopped heart (flatline).
Bruce doesn't care who plays him, as long as Angelina Jolie is cast opposite him. (Which makes absolutely no sense...)
And if Chuck Norris can't crack Blowfish, Angie sure as hell can. She can crack anything between those thighs.
A very nice buffer overflow..
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.