[cryptography] Non-governmental exploitation of crypto flaws?

Florian Weimer fw at deneb.enyo.de
Sun Nov 27 16:14:48 EST 2011


* Steven Bellovin:

> Does anyone know of any (verifiable) examples of non-government enemies
> exploiting flaws in cryptography?

DeCSS and subsequent DRM failures (including modchips), L0phtcrack,
the IMSI catcher*, some Elcomsoft products (particularly those better
than brute force), attacks on WEP, debit card skimming*, attacks on
malware encryption schemes by the AV industry.

All these have been productized in some form or other, which suggests
that some sort of "enemy exploitation" exists in this context.

* depending on your definition of cryptography



More information about the cryptography mailing list