[cryptography] Non-governmental exploitation of crypto flaws?

Sandy Harris sandyinchina at gmail.com
Sun Nov 27 21:44:23 EST 2011


On Mon, Nov 28, 2011 at 4:10 AM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> Does anyone know of any (verifiable) examples of non-government enemies
> exploiting flaws in cryptography?  I'm looking for real-world attacks on
> short key lengths, bad ciphers, faulty protocols, etc., by parties other
> than governments and militaries.  I'm not interested in academic attacks
> -- I want to be able to give real-world advice -- nor am I looking for
> yet another long thread on the evils and frailties of PKI.

Ross Anderson
http://www.cl.cam.ac.uk/~rja14/
has a classic paper "Why cryptosystems fail" based on analyzing
failures in banking systems. Mostly not the stuff you mention,
but poor management. He has a bunch of related papers too.



More information about the cryptography mailing list