[cryptography] Non-governmental exploitation of crypto flaws?

ianG iang at iang.org
Mon Nov 28 04:45:05 EST 2011


On 28/11/11 07:10 AM, Steven Bellovin wrote:
> Does anyone know of any (verifiable) examples of non-government enemies
> exploiting flaws in cryptography?  I'm looking for real-world attacks on
> short key lengths, bad ciphers, faulty protocols, etc., by parties other
> than governments and militaries.

I'd suggest:

1.  GSM.  The phones were first cracked by Lucky Green back in 1998 as 
an academic demo, and a few years back I heard it was possible to buy 
crack devices.  I didn't follow up, but the existance of kits would 
indicate there was a market for paparrazi or minute-theft or PIs.

2.  chip & pin.  Look at the Cambridge lab work.  They've been involved 
in some legal cases, and there might be some verified crunches in there.

> I'm not interested in academic attacks
> -- I want to be able to give real-world advice -- nor am I looking for
> yet another long thread on the evils and frailties of PKI.

Yeah.

If you are doing research to document the state of real breaches, that 
would be valuable info.


iang



More information about the cryptography mailing list