[cryptography] Non-governmental exploitation of crypto flaws?
iang at iang.org
Mon Nov 28 04:43:18 EST 2011
On 28/11/11 15:00 PM, Peter Gutmann wrote:
> Steven Bellovin<smb at cs.columbia.edu> writes:
>> Does anyone know of any (verifiable) examples of non-government enemies
>> exploiting flaws in cryptography?
> Could you be a bit more precise about what "flaws in cryptography" covers? If
> you mean exploiting bad or incorrect implementations of crypto then there's so
> much that I barely know where to start, if it's actual cryptanalytic attacks
> on anything other than toy crypto (homebrew ciphers, known-weak keys, etc)
> then there's very little around. If it's something else, you'd have to let us
> know where the borders lie.
To be fair to Steve, although we've been bandying the term "toy crypto"
and cousins around for a while, we haven't really defined it. It's a
bit like american pornography, we know it when we see it.
More information about the cryptography