[cryptography] Non-governmental exploitation of crypto flaws?

Steven Bellovin smb at cs.columbia.edu
Mon Nov 28 19:58:35 EST 2011


On Nov 27, 2011, at 11:00 PM, Peter Gutmann wrote:

> Steven Bellovin <smb at cs.columbia.edu> writes:
> 
>> Does anyone know of any (verifiable) examples of non-government enemies
>> exploiting flaws in cryptography?
> 
> Could you be a bit more precise about what "flaws in cryptography" covers?  If 
> you mean exploiting bad or incorrect implementations of crypto then there's so 
> much that I barely know where to start, if it's actual cryptanalytic attacks 
> on anything other than toy crypto (homebrew ciphers, known-weak keys, etc) 
> then there's very little around.  If it's something else, you'd have to let us
> know where the borders lie.
> 
Private reply.  I'm writing a new book on security; let me know if you want to
see the preface and ToC.  Right now, I'm working on the crypto chapter.  So --
in a book that stresses realistic security and paying attention to threat models,
what do I tell folks about petroleum herpetology?  Passwords are a different chapter;
so is process.  DRM is out of scope for this book.  But I don't really want to
advertise it this far in advance of completion; at best, it will be released about a
year from now, and that's *if* I can finish it by May or June.


		--Steve Bellovin, https://www.cs.columbia.edu/~smb







