[cryptography] Non-governmental exploitation of crypto flaws?

dan at geer.org dan at geer.org
Tue Nov 29 07:44:29 EST 2011


Steve/Jon, et al.,

Would you say something about whether you consider key management
as within scope of the phrase "crypto flaw?"  There is a fair
amount of snake oil there, or so it seems to me in my line of
work (reading investment proposals and the like) -- things like
secure boot devices that, indeed, are encrypted but which have the
decryption key hidden on the device (security through obscurity).
That's just an example; don't pick on it, per se.  But to repeat,
is key management within scope of the phrase crypto flaw?

--dan




More information about the cryptography mailing list