[cryptography] Non-governmental exploitation of crypto flaws?
marsh at extendedsubset.com
Sun Nov 27 15:52:04 EST 2011
> Steven Bellovin <smb at cs.columbia.edu> wrote:
> Does anyone know of any (verifiable) examples of non-government
> enemies exploiting flaws in cryptography? I'm looking for
> real-world attacks on short key lengths, bad ciphers, faulty
> protocols, etc., by parties other than governments and militaries.
> I'm not interested in academic attacks
Here are some ideas. I can probably run down some specific details and
references if you need them:
* Cases of breached databases where the passwords were hashed and maybe
salted, but with an insufficient work factor enabling dictionary attacks.
* NTLMv1/MSCHAPv1 dictionary attacks.
* NTLMv2/MSCHAPv2 credentials forwarding/reflection attacks.
* Here's an example of RSA-512 certificates being factored and used to
On 11/27/2011 02:23 PM, Landon Hurley wrote:
> GSM and the Kaos club expert would be a good example.
...and non-academic researchers would seem to be an important category.
* There's the fail0verflow break of the specific use of
ECC in the Sony PlayStation 3.
The copy protection industry would seem fertile ground for this sort of
> So would the recent $200 hardware break of HDMI encryption.
As I read it the HDMI master key was leaked, perhaps by an insider, in
2010. The $200 hardware was basically an implementation of the protocol
using that key.
* Last but not least, there's DeCSS. The DVD consortium was dumb enough
to distribute the decryption key in a software player where it could be
examined so maybe it's not a crypto break like you're looking for. On
the other hand, having a single symmetric key for a mass-produced
consumer distribution channel certainly counts as a faulty protocol.
> -- I want to be able to give real-world advice -- nor am I looking
>> for yet another long thread on the evils and frailties of PKI.
Say, anyone looked at the Bitcoin prices lately? :-)
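
The first bullet's point about work factor, as an added illustration that is not part of the original message: a salt forces each account to be tested separately, but only the iteration count raises the cost of each guess. PBKDF2, the 200,000-iteration setting, and the dictionary and account counts are assumptions chosen for the sketch.

```python
import hashlib
import hmac
import os
import time


def fast_salted_hash(password: bytes, salt: bytes) -> bytes:
    # Salted single-pass SHA-256: the salt defeats precomputed tables,
    # but every guess still costs only one hash call.
    return hashlib.sha256(salt + password).digest()


def stretched_hash(password: bytes, salt: bytes, iterations: int = 200_000) -> bytes:
    # PBKDF2-HMAC-SHA256: the iteration count is the work factor.
    # 200_000 is an assumed setting for this sketch, not a recommendation.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def verify(hash_fn, password: bytes, salt: bytes, stored: bytes) -> bool:
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_fn(password, salt), stored)


def seconds_per_guess(hash_fn, trials: int = 5) -> float:
    # Average wall-clock cost of hashing one candidate on this machine.
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        hash_fn(b"candidate-%d" % i, salt)
    return (time.perf_counter() - start) / trials


def dictionary_cost_hours(hash_fn, dictionary_size: int, accounts: int) -> float:
    # With per-account salts the whole dictionary must be hashed once per
    # account, so total work = per-guess cost * words * accounts.
    return seconds_per_guess(hash_fn) * dictionary_size * accounts / 3600


if __name__ == "__main__":
    WORDS, ACCOUNTS = 10_000_000, 1_000  # constructed sizes
    for name, fn in (("salted SHA-256", fast_salted_hash),
                     ("PBKDF2, 200k iterations", stretched_hash)):
        hours = dictionary_cost_hours(fn, WORDS, ACCOUNTS)
        # Single-core figure on this machine; useful only as a ratio.
        print(f"{name}: {hours:,.1f} CPU-hours to test every word on every account")
```

The absolute numbers depend on the hardware; the ratio between the two rows is what the work factor buys.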