[cryptography] Non-governmental exploitation of crypto flaws?

Sandy Harris sandyinchina at gmail.com
Sun Nov 27 21:44:23 EST 2011

On Mon, Nov 28, 2011 at 4:10 AM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> Does anyone know of any (verifiable) examples of non-government enemies
> exploiting flaws in cryptography?  I'm looking for real-world attacks on
> short key lengths, bad ciphers, faulty protocols, etc., by parties other
> than governments and militaries.  I'm not interested in academic attacks
> -- I want to be able to give real-world advice -- nor am I looking for
> yet another long thread on the evils and frailties of PKI.

Ross Anderson
has a classic paper "Why cryptosystems fail" based on analyzing
failures in banking systems. Mostly not the stuff you mention,
but poor management. He has a bunch of related papers too.

More information about the cryptography mailing list