[cryptography] Non-governmental exploitation of crypto flaws?

Tom Ritter tom at ritter.vg
Sun Nov 27 17:25:13 EST 2011


On 27 November 2011 20:10, Steven Bellovin <smb at cs.columbia.edu> wrote:
> Does anyone know of any (verifiable) examples of non-government enemies
> exploiting flaws in cryptography?  I'm looking for real-world attacks on
> short key lengths, bad ciphers, faulty protocols, etc., by parties other
> than governments and militaries.  I'm not interested in academic attacks

The Padding Oracle attack enabled real-world attacks on both common
(DotNetNuke) and proprietary .Net and JSF web applications, as well as
CAPTCHAs.  Based on emails I've seen, this was widely exploited
online.

The BEAST attack on TLS was demonstrated practically, but wasn't
exploited widely AFAIK, which is the same case for the MD5-colliding
CA cert.

The console hacking scene may have more examples besides the PS3 break
mentioned by Marsh.  XBox 360 was rooted using a glitch attack to make
a hash comparison fail:
http://www.free60.org/Reset_Glitch_Hack
This may not be what you're looking for, but inducing a fault to
bypass a cryptographic check is at least on the same street.

Several "encrypted" hard drives are crappy implementations.  This one:
http://www.h-online.com/security/features/Cracking-budget-encryption-746225.html
was broken after discovering its encryption was just a matrix
multiplication.  I'd say this is actually farther from crypto than the
fault attack.

The Debian Weak Key bug produced many exploitable scenarios, although
I'm not sure if there are public tales of one being actively
exploited.

There was also a presentation in the last three years about practical
crypto attacks on web applications.   I believe it had two examples,
one of which was a crappy RNG in the password reset mechanism of a
popular web framework.  I can't for the life of me find it after
searching for 30 minutes though.  (There was another recently I
believe around a timing attack on string comparisons but that's not
really crypto.)

-tom



More information about the cryptography mailing list