[cryptography] real world illustrations of Kerckhoff's principle?

travis+ml-rbcryptography at subspacefield.org travis+ml-rbcryptography at subspacefield.org
Thu Sep 9 16:15:04 EDT 2010

On Wed, Sep 08, 2010 at 12:12:42PM -0700, travis+ml-rbcryptography at subspacefield.org wrote:
> A few things leap to mind:
> Skipjack and LEAFblower
> LANMAN password hashing
> http://thedailywtf.com/Articles/So-You-Hacked-Our-Site!.aspx
> http://en.wikipedia.org/wiki/A5/1
> Also "The Art of Intrusion" has a good example of bad PRNG design in cheap
> Japanese slot machines.

And add to that Trillian IM crypto... I seem to recall it's using
unauthenticated Diffie-Helman.  Someone from the crypto list went on
their forums and tried to point out the lack of authentication problem
to them, and the responses indicated that the user base was rude,
ignorant, and - worst of all - stubbornly refused to think they didn't
know everything about crypto, going so far as to confuse PK lengths
with symmetric key lengths in vehement, condescending, ignorant

This seems to happen so often, I'm tempted to coin a phrase for the
purpose.  Perhaps something ironic, along the lines of:

"I see I cannot teach you anything, for you already know it all."

I'm hoping the peanut gallery goes away thinking you've conceded to,
even complimented them, and the wise know exactly what you mean.

I am reminded of an old Zen story:

I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20100909/b13a345d/attachment.asc>

More information about the cryptography mailing list