[cryptography] Non-governmental exploitation of crypto flaws?
smb at cs.columbia.edu
Mon Nov 28 19:58:35 EST 2011
On Nov 27, 2011, at 11:00 PM, Peter Gutmann wrote:
> Steven Bellovin <smb at cs.columbia.edu> writes:
>> Does anyone know of any (verifiable) examples of non-government enemies
>> exploiting flaws in cryptography?
> Could you be a bit more precise about what "flaws in cryptography" covers? If
> you mean exploiting bad or incorrect implementations of crypto then there's so
> much that I barely know where to start, if it's actual cryptanalytic attacks
> on anything other than toy crypto (homebrew ciphers, known-weak keys, etc)
> then there's very little around. If it's something else, you'd have to let us
> know where the borders lie.
Private reply. I'm writing a new book on security; let me know if you want to
see the preface and ToC. Right now, I'm working on the crypto chapter. So --
in a book that stresses realistic security and paying attention to threat models,
what do I tell folks about petroleum herpetology? Passwords are a different chapter;
so is process. DRM is out of scope for this book. But I don't really want to
advertise it this far in advance of completion -- at best, it will be released about a
year from now, and that's *if* I can finish it by May or June.
--Steve Bellovin, https://www.cs.columbia.edu/~smb