[cryptography] philosophical question about strengths and attacks at impossible levels

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Nov 20 01:27:36 EST 2010


travis+ml-rbcryptography at subspacefield.org writes:
>Does the fact that parts of Stuxnet was signed by two valid certs
>count as a cryptographic failure?

The crypto worked perfectly, it was everything around it that failed.

(Which has been the case for every other security failure involving modern
crypto as well [0]).

Peter.

[0] Just for the nitpickers, that means properly-designed crypto using non-toy
    keys.



More information about the cryptography mailing list