[cryptography] Non-governmental exploitation of crypto flaws?

Thierry Moreau thierry.moreau at connotech.com
Wed Nov 30 08:01:24 EST 2011

Ilya Levin wrote:
> On Tue, Nov 29, 2011 at 5:52 PM, Jon Callas <jon at callas.org> wrote:
>> But the other one is Drew Gross's observation. If you think like an attacker, then you're a fool to worry about the crypto.
> While generally true, this is kind of an overstatement. I'd say that
> if you think like an attacker then crypto must be the least of your
> worries.  But you still must worry about it.
> I've seen real life systems were broken because of crypto combined
> with other thins. Well, I broke couple of these in old days (whitehat
> legal stuff)
> For example, the Internet banking service of the bank I would not name
> here was compromised during a blind remote intrusion simulating
> exercise because of successful known plaintext attack on DES. Short
> DES keys together with key derivation quirks and access to ciphertext
> made the attack very practical and very effective.

Indeed, single-length DES cracking for attacking electronic payment 
networks is the other instance (along with the TI software signature 
public key factorization) of a "production" crypto attack. Both are 
based on brute force against short key material.

It is not verifiable because a) the perpetrators needed no publicity to 
benefit, and b) the financial institutions were upgrading electronic 
payment gear to triple-DES (suddenly at a faster than usual pace which 
could raise suspicion, at least in my mind), and also preferred less 

I had some form of confirmation (that the attack scenario occurred) by 
the way the triple-DES upgrade project success has been described by a 
bank technology specialist who would have been aware of the incident(s).

- Thierry Moreau

> Again, I'm not arguing with Drew Gross's observation. It is just a bit
> extreme to say it like this.
> Best regards,
> Ilya
> ---
> http://www.literatecode.com

More information about the cryptography mailing list