Blowfish in Fiction

The algorithm is mentioned in Von Neumann's War, by John Ringo and Travis Taylor.

P. 495:

The guy was using a fairly simple buffer overflow attack but with a very nice little fillip of an encryption packet designed to overcome Blowfish. The point seemed to be to create a zero day exploit, which he didn't have a chance of managing. So far, nobody had cracked Blowfish.

P. 504:

As far as he could tell, at first, it was a simple Denial of Service attack. A DoS occurred when... But this one was different. Every single packet contained some sort of cracking program ... Most had dumped to the honey trap, but they were running rampant through there, while others had managed to hammer past two firewalls and were getting to his final line of defense. Somebody had managed a zero day exploit on Blowfish. And more were coming in!

Posted on November 13, 2009 at 2:43 PM • 30 Comments

Comments

user@example.com • November 13, 2009 3:19 PM

There's a free copy of the book here (http://baencd.thefifthimperium.com/), on the Eye of the Storm CD (and probably on other CDs, too, but that's the latest one with it). The quote's in chapter 24, if anyone has a burning desire to discover the context.

If the quote does give anyone a burning sensation, they should probably see a doctor about it...

Geoffrey Kidd • November 13, 2009 3:28 PM

The book itself is one hell of a good read. Majorly scary good read.

And there have been requests for a sequel. Just how DO you take down a network of Von Neumann machines?

Tanuki • November 13, 2009 3:41 PM

*So far, nobody had cracked Blowfish*

Reminds me of what someone said at an IBM mainframe-security seminar a couple of decades back:

"We have never had an unidentified security-breach on our systems".

What you don't know is going on is what kills you.

user@example.com • November 13, 2009 3:43 PM

From the SF I remember, the Culture reprogram them into an expanding swarm of hugbots that politely request spare resources for their replication, Warhammer 40,000 throws a few billion Imperial Guard at it and goes back to dealing with the bigger threats (or a bunch of Orks loot it an' make it proppa orky), and Star Wars writes a terrible Expanded Universe series of books about it.

mike • November 13, 2009 4:17 PM

I ain't no English professor, but this is some really bad wording.
"encryption packet"
"honey trap"
"Every single packet contained some sort of cracking program"

Craig • November 13, 2009 4:25 PM

Unless they've got much larger MTUs than we normally see today, those must be awfully small cracking programs if they fit into a single IP packet.

Nix • November 13, 2009 5:17 PM

Oh, RS, that was quite unfair. This book is nowhere *near* as appalling as Ghost and its sequels; not even as appalling as the SS-venerating _Watch on the Rhine_. (How many copies did *that* sell in Germany, I wonder?)

Leolo • November 13, 2009 6:39 PM

This is techno-poetry. Plausible sounding but technically unsound. Mike has pointed out 3 howlers.

Leolo • November 13, 2009 6:41 PM

What's more: "zero-day exploit to Blowfish" It was released 6 years ago. Bit late for a zero-day exploit...

Franky B • November 13, 2009 7:18 PM

@Leolo:

Blowfish was released 16 years ago, not 6, and I don't think you understand what zero-day means. A zero-day exploit is an exploit that's released before the vulnerability it exploits is widely known. It has nothing to do with the release date of the targeted technology.

Clive Robinson • November 14, 2009 1:06 AM

Hmmm,

"but they were running rampant through there, while others had managed to hammer past two firewalls and were getting to his final line of defense. Somebody had managed a zero day exploit on Blowfish. And more were coming in!"

With all these blowing fish running rampant whilst hammering at walls of fire, I'm surprised there was not a "time to pull the plug and let the attack wash itself out"

Ahh the endless fun that can be had from this.

@ Bruce,

It's time your cipher names evolved and crawled up the beach before hitting the trees.

How about "LeapFish", "SoarTrout", "HopSkipper", "BogBreacher", "LoamCreeper", "RootLurker", "TrunkTransverser" and last but not least the real heavy weight "BoughBreaker" 8)

Clive Robinson • November 14, 2009 11:16 AM

It has been pointed out to me that "leapfish" has been taken by some up and coming search engine (no I'd not heard of it either).

So I thought OK how about "jumpfish", a quick google and that had been taken.

So a quick look in a thesaurus and further googling shows that "*fish" is popular.

However it looks like "friskfish" and "vaultfish" are still available.

Which begs the question what is it with "fish"...

vanilla • November 14, 2009 2:34 PM

@clive ...

Go Fish. Bots come fishing, trying to byte. Blowfish puffs up and blocks the entrance.

My uninformed wag ... (g)

van

oh-sigh • November 14, 2009 2:59 PM

thanks for posting this - I'll be sure to add this book to my "don't bother reading" list... "honey trap"? seriously? *sigh* (it's honey pot...)

Marc • November 15, 2009 1:34 AM

A "honey trap" in espionage (or at least in espionage fiction) is a woman, a.k.a. a "Venus trap", who seduces our hero and tries to steal his secrets during pillow talk. If you're a hack writer, cribbing bad cliches from wherever you can pick 'em up, it's probably easy to get your genres mixed.

(Oh, and by the way: when my father was stationed in Japan in the '40s, "honey pot" was what they called the big jars that carried s**t between chamber pot and farmer's field.)

bcs • November 15, 2009 1:25 PM

In network security jargon a honey pot is a system that exists only to provide attackers with a target featuring known exploitable holes and no real data. It's usually a virtual machine with monitoring systems to analyze and track back hack attempts. The sourceforge "honeytrap" system mentioned above is one such monitoring system.

DaveK • November 17, 2009 7:00 AM

Attention, all wanna-be cyberpunk SF authors: repeat after me

" A network packet is not an intentional entity. "

If you get this wrong in your novels I will force you to write it out 100 times longhand, like the idiot children you obviously are.

Dave Howe • November 17, 2009 10:41 AM

This would be an example of what I call "Dan Brown Science" - to write a book where a major plot device is "foo", obtain several papers on "foo", search for interesting looking words or phrases the paper's writer appears to feel are important, then drop them liberally into any descriptions you might have to provide without any real understanding or desire to understand what they mean or what context they should be used in.

This is the same thing that got me as far as "rotating plaintext" in one book before it was flung violently at a wall at the far side of the room....

Moe • November 19, 2009 4:13 AM

> This is the same thing that got me as far as "rotating plaintext" in one book before it was flung violently at a wall at the far side of the room....

I'm guessing it's too much to hope they were talking about ROT13 or the Caesar cipher...


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.