[cryptography] Non-governmental exploitation of crypto flaws?

Marsh Ray marsh at extendedsubset.com
Sun Nov 27 15:52:04 EST 2011


> Steven Bellovin <smb at cs.columbia.edu> wrote:
>
> Does anyone know of any (verifiable) examples of non-government
> enemies exploiting flaws in cryptography?  I'm looking for
> real-world attacks on short key lengths, bad ciphers, faulty
> protocols, etc., by parties other than governments and militaries.
> I'm not interested in academic attacks

Here are some ideas. I can probably run down some specific details and 
references if you need them:

* Cases of breached databases where the passwords were hashed and maybe 
salted, but with an insufficient work factor enabling dictionary attacks.

* NTLMv1/MSCHAPv1 dictionary attacks.

* NTLMv2/MSCHAPv2 credentials forwarding/reflection attacks.

* Here's an example of RSA-512 certificates being factored and used to 
sign malware:
http://blog.fox-it.com/2011/11/21/rsa-512-certificates-abused-in-the-wild/


On 11/27/2011 02:23 PM, Landon Hurley wrote:
> GSM and the Kaos club expert would be a good example.

...and non-academic researchers would seem to be an important category.

* There's the fail0verflow break of the specific use of
ECC in the Sony PlayStation 3.
http://www.theregister.co.uk/2010/12/30/ps3_jailbreak_hack/

The copy protection industry would seem fertile ground for this sort of 
example.

> So would the recent $200 hardware break of hdmi encryption.

* http://aktuell.ruhr-uni-bochum.de/pm2011/pm00386.html.en
As I read it the HDMI master key was leaked, perhaps by an insider, in 
2010. The $200 hardware was basically an implementation of the protocol 
using that key.

* Last but not least, there's DeCSS. The DVD consortium was dumb enough 
to distribute the decryption key in a software player where it could be 
examined so maybe it's not a crypto break like you're looking for. On 
the other hand, having a single symmetric key for a mass-produced 
consumer distribution channel certainly counts as a faulty protocol.

> -- I want to be able to give real-world advice -- nor am I looking
> for yet another long thread on the evils and frailties of PKI.

Say, anyone looked at the Bitcoin prices lately? :-)

- Marsh
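The first bullet above (breached password databases that were hashed and salted but with too little work factor) is the one that is easiest to make concrete in code. The following is an added illustration, not code from the post or from any of the projects it mentions: it compares a single salted SHA-256 pass against PBKDF2-HMAC-SHA256 from the Python standard library, stores the salt and iteration count next to the digest so the work factor can be raised later, and measures how much more one guess costs under the hardened scheme. The iteration count, the record format and the demo password are assumptions chosen for the example.

```python
"""Added example (not from the mailing-list post): why a stored password
hash needs a work factor, not just a salt.  A salt defeats precomputed
tables, but if each guess costs one cheap hash the attacker can still run
a dictionary through a leaked table at full speed.  A slow KDF such as
PBKDF2 makes every guess cost the same as every legitimate login."""
import hashlib
import hmac
import os
import time

# Constructed demo values (assumptions for this example, not real credentials)
DEMO_PASSWORD = "correct horse battery staple"
PBKDF2_ITERATIONS = 600_000  # assumed defensive setting; tune to your latency budget


def salted_sha256(password: str, salt: bytes) -> bytes:
    """The weak scheme: one salted SHA-256 pass. Salting stops table reuse
    across users but does nothing for the per-guess cost."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def pbkdf2_hash(password: str, salt: bytes,
                iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """The hardened scheme: PBKDF2-HMAC-SHA256 with a tunable iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Store scheme, iteration count and salt alongside the digest so the
    work factor can be raised later without invalidating old records.
    The '$'-separated layout is an assumed format for this example."""
    salt = os.urandom(16)
    digest = pbkdf2_hash(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_record(password: str, record: str) -> bool:
    """Recompute the digest with the stored parameters and compare in
    constant time, so a verifier leaks nothing through timing."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown hashing scheme in record")
    candidate = pbkdf2_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def seconds_per_guess(fn, password: str, salt: bytes, trials: int) -> float:
    """Average wall-clock cost of one evaluation of fn: one guess for an
    attacker holding the leaked table, one login for the defender."""
    start = time.perf_counter()
    for _ in range(trials):
        fn(password, salt)
    return (time.perf_counter() - start) / trials


def work_factor_ratio(iterations: int = PBKDF2_ITERATIONS) -> float:
    """How many times more expensive one PBKDF2 guess is than one
    salted-SHA-256 guess on this machine."""
    salt = os.urandom(16)
    weak = seconds_per_guess(salted_sha256, DEMO_PASSWORD, salt, trials=2000)
    strong = seconds_per_guess(lambda p, s: pbkdf2_hash(p, s, iterations),
                               DEMO_PASSWORD, salt, trials=3)
    return strong / weak if weak > 0 else float("inf")


if __name__ == "__main__":
    record = make_record(DEMO_PASSWORD)
    print("stored record:", record)
    print("verify correct password:", verify_record(DEMO_PASSWORD, record))
    print("verify wrong password:  ", verify_record("wrong", record))
    print(f"one PBKDF2 guess costs ~{work_factor_ratio():.0f}x a salted SHA-256 guess")
```

The ratio printed at the end is the whole point of the bullet: a leaked table of salted SHA-256 digests lets an attacker try every word of a dictionary at hash-function speed, while the PBKDF2 table forces the same per-guess cost on them that the site pays per login. Storing the iteration count in the record is what lets a defender raise that cost over time as hardware gets faster.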