Blowfish in Good Time Max
This screen shot is from the movie “Good Time Max.” 17 minutes and 52 seconds into the movie, it shows Blowfish being used as an encryption algorithm.
This screen shot is from the movie “Good Time Max.” 17 minutes and 52 seconds into the movie, it shows Blowfish being used as an encryption algorithm.
0x0BADF00D • January 21, 2011 3:54 PM
Ugh, who wrote that code and why didn’t they use a #define for the buffer sizes?
Thomas • January 21, 2011 4:28 PM
I though blowfish was cracked?
http://www.schneier.com/blog/archives/2009/03/blowfish_on_24_1.html
Jonas • January 21, 2011 5:36 PM
That was four years ago! I thought those kind of things were found in days in this day and age.
Joe Buck • January 21, 2011 5:40 PM
Key takeaway: to get your tech into the movies, give it a cool name.
helly • January 21, 2011 5:58 PM
It would probably make my day if one of the Resident Evil movies had used Rot-13 encryption somewhere.
There’s a buffer overflow in your source
Gabriel • January 21, 2011 7:24 PM
I guess they didn’t get the memo on memset https://www.securecoding.cert.org/confluence/display/cplusplus/MSC06-CPP.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data
Additionally ecb? I hope they don’t have more than one block to encrypt
Gotta give credit though for using a real cipher and not some lame super l33t cheesy junk.
Okian Warrior • January 21, 2011 8:06 PM
Memeset? What the heck is that? (Second one from the top.)
Also, in addition to #defining the array lengths, the memsets should depend on the size of the array, not the length.
memset(array,0,sizeof(array));
Gabriel • January 21, 2011 8:44 PM
Memeset. You know, when you want to fill your buffer with the latest meme on the internet. The integer argument is actually how many years back to look.
For example, a few years ago the filled buffer would be:
How is babby formed? How a girl get pragnent.
Ten years ago: All your base are belong to us.
Your homework: provide a value for the second argument that will return: The cake is a lie.
Garren • January 21, 2011 8:49 PM
Hungarian notation and a status bar that appears to be consistent with a certain MS IDE.
I am disappoint
lottie • January 22, 2011 1:25 AM
@gabriel – absolute genius. the only problem is if memeset goes viral and then becomes recursive.
Andre LePlume • January 22, 2011 10:31 AM
I, for one, welcome our new memeset-using overlords.
Dirk Praet • January 22, 2011 4:45 PM
I wonder if the person who wrote this actually got paid for it. I don’t think I’d hire him/her. Then again, it’s nice to see some real-life stuff popping up once in a while in a motion picture. The blowfish-reference must at least have made somebody happy, pretty much like Fyodor is always absolutely thrilled whenever NMAP shows up in yet another movie (Die Hard 4, The Matrix Reloaded, The Bourne Ultimatum etc.).
Bruce Schneier • January 22, 2011 5:24 PM
“That was four years ago! I thought those kind of things were found in days in this day and age.”
I don’t get out much.
Gabriel • January 22, 2011 8:26 PM
Bruce, perhaps for your next cipher, the license should require any movie makers to notify you when they mention your cipher. Also attribution in the end credits, even in a modest manner. You know, somewhere before the lead actor’s name.
echowit • January 22, 2011 10:30 PM
Good thing it wasn’t written in Python.
Wouldn’t have been enough code to notice.
Prohias • January 23, 2011 9:22 AM
I am lobbying Hollywood for a Chuck Norris movie in which he cracks Blowfish.
Gabriel • January 23, 2011 10:01 AM
@prohias: don’t you know? While developing twofish, Bruce consulted Chuck Norris on improving blowfish. Chuck Norris kicked blowfish, and after it circled the world 7 times, it was transformed into what we now call twofish. Perviously scientists and engineers had known about his ability to form physical objects using a kick, see the sphinx and mt rushmore. After this experiment, it was confirmed that Chuck Norris kicks also had the power to shape algorithms.
Sorry, couldn’t resist myself.
Dirk Praet • January 23, 2011 1:27 PM
@ Prohias
The notion of Chuck Norris cracking blowfish is about as absurd as Stephen Hawking taking Capitol Hill by force using nothing more than a machete.
creepy • January 23, 2011 2:57 PM
man cat
Gabriel • January 23, 2011 3:33 PM
Dirk: you’re definitely not from around here :). Chuck Norris can crack anything. Even quantum key distribution. That’s why we’re glad he’s on our side.
http://www.chucknorrisfacts.com/
When Chuck Norris cracks crypto, it also snaps and pops.
AC2 • January 23, 2011 11:43 PM
And where be the Fri Squid update, Mr Bruce ‘Squidward’ Schneier??
Clive Robinson • January 24, 2011 2:51 AM
@ Gabriel,
“When Chuck Norris cracks crypto, it also snaps and pops”
Shouldn’t that be,
“… breaks crypto, it also snaps, crackles and pops”
You have to give the puffed up hackers their rice bowl 😉
karrde • January 24, 2011 9:13 AM
I guess “blowfish” in a movie is less noticeable than “nmap” in a movie.
But the Matrix series was definitely a geek-oriented movie, while this one is not quite. And “nmap” was used for its purpose, to find a weakness in a network and exploit that weakness.
Still, that makes me wonder…who provides technical support to movie screenwriters? Why do only a few movie screenwriters/directors care about this level of technical detail?
nowhere • January 24, 2011 9:44 AM
In this “movie”, could we get Chuck to say something to Bruce such as: “ah Master, your Kung Fu is the best!”
TimH • January 24, 2011 10:07 AM
I’ve always wondered in using Twofish-256 as choice for Truecrypt would help because I bet most people pick AES-256, so the brute force will shirley go for that first.
How’s this: “Going for every possibility is Brute Force. Analysing the problem using your knowledge and experience is Bruce Force.”
Nobody • January 24, 2011 11:35 AM
@TimH
Encryption is best when the storage is powered off. Then they will probably have to brute force.
http://www.zdnet.com/blog/security/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/900
moo • January 24, 2011 11:48 AM
@karrde: “Why do only a few movie screenwriters/directors care about this level of technical detail?”
Obviously, because very few members of the audience will notice or care. Some filmmakers occasionally put in a little extra effort for authenticity, and sometimes they get some kudos from the geek world for it. It doesn’t sell movie tickets though.
What is more annoying is that movie makers distort everything the way they distort computer technology. Its just easier to overlook it when its not an area you’re an expert in. Doctors probably cringe when they see emergency medical procedures in a movie. And unlike journalists (who routinely mangle the details of technical stories), the movie makers are doing it deliberately! If the goal of the movie is to entertain, they have to take boring things (like computer security) and make them seem glamorous somehow. So movie computers always have user interfaces that are for the benefit of the audience, rather than the benefit of the users.
vedaal • January 24, 2011 12:42 PM
Chloe cracked Blowfish on 24, and then, mysteriously the 24 was never renewed.
In the Nikita Remake, Birkhoff is about to pull off a great hack, the writers are only waiting to find out who wins the SHA 3 finals … 😉
Sam • January 24, 2011 12:53 PM
Hey look, memeset(buffer, 2) will fill your buffer with Chuck Norris facts.
That’s the problem with code, without comments you have no idea.
I don’t think it’s “meme” set, but “Me! Me!” set, which includes the likes of Hilton, Lohan, Snookie, etc.
Gabriel • January 24, 2011 2:19 PM
@TS: God help us if that’s the case!
Clive Robinson • January 25, 2011 4:14 AM
@ moo,
“… the movie makers are doing it deliberate! If the goal of the movie is to entertain, they have to take boring things (like computer security) and make them seem glamorous somehow”
You mean your “Comp Sec” job is boring and unglamorous?
I actually know someone who claimed he took on the job of sorting out “user passwords” at a south of the river London Universities business school just to get to know the female students…
Whether true or not he certainly went out with quite a few of them.
anon • January 25, 2011 7:42 AM
@moo
I remember a movie where the doctors in the hospital gave up after a patient went into ventricular fibrillation, but when a patient flatlined they shocked him.
For those who don’t know, the purpose of the shock (Defibrillation) is to stop the heart and hope it restarts correctly. It’s used for ventricular fibrillation (among others), and does nothing for a totally stopped heart (flatline).
Richard Steven Hack • January 25, 2011 10:23 PM
Bruce doesn’t care who plays him, as long as Angelina Jolie is cast opposite him. (Which makes absolutely no sense…)
And if Chuck Norris can’t crack Blowfish, Angie sure as hell can. She can crack anything between those thighs.
Kristian Hermansen • January 26, 2011 4:58 PM
Cryptographer says not to use Blowfish in this video due to flaws…
Soufiane • August 13, 2011 11:50 PM
A very nice buffer overflow..
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Davi Ottenheimer • January 21, 2011 3:30 PM
Hmm, might have to see it now:
“Two genius brothers grow up and grow apart as one becomes a successful surgeon and the other pursues a drug-fueled high life”
Ah, but which one resorts to Blowfish?