[cryptography] Non-governmental exploitation of crypto flaws?

ianG iang at iang.org
Mon Nov 28 04:43:18 EST 2011

On 28/11/11 15:00 PM, Peter Gutmann wrote:
> Steven Bellovin<smb at cs.columbia.edu>  writes:
>> Does anyone know of any (verifiable) examples of non-government enemies
>> exploiting flaws in cryptography?
> Could you be a bit more precise about what "flaws in cryptography" covers?  If
> you mean exploiting bad or incorrect implementations of crypto then there's so
> much that I barely know where to start, if it's actual cryptanalytic attacks
> on anything other than toy crypto (homebrew ciphers, known-weak keys, etc)
> then there's very little around.  If it's something else, you'd have to let us
> know where the borders lie.

To be fair to Steve, although we've been bandying the term "toy crypto" 
and cousins around for a while, we haven't really defined it.  It's a 
bit like american pornography, we know it when we see it.


More information about the cryptography mailing list