[cryptography] Non-governmental exploitation of crypto flaws?
sandyinchina at gmail.com
Sun Nov 27 21:44:23 EST 2011
On Mon, Nov 28, 2011 at 4:10 AM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> Does anyone know of any (verifiable) examples of non-government enemies
> exploiting flaws in cryptography? I'm looking for real-world attacks on
> short key lengths, bad ciphers, faulty protocols, etc., by parties other
> than governments and militaries. I'm not interested in academic attacks
> -- I want to be able to give real-world advice -- nor am I looking for
> yet another long thread on the evils and frailties of PKI.
has a classic paper "Why cryptosystems fail" based on analyzing
failures in banking systems. Mostly not the stuff you mention,
but poor management. He has a bunch of related papers too.
More information about the cryptography