[cryptography] Non-governmental exploitation of crypto flaws?

Jon Callas jon at callas.org
Wed Nov 30 18:04:42 EST 2011

On Nov 29, 2011, at 8:33 PM, Ilya Levin wrote:

> On Tue, Nov 29, 2011 at 5:52 PM, Jon Callas <jon at callas.org> wrote:
>> But the other one is Drew Gross's observation. If you think like an attacker, then you're a fool to worry about the crypto.
> While generally true, this is kind of an overstatement. I'd say that
> if you think like an attacker then crypto must be the least of your
> worries.  But you still must worry about it.
> I've seen real life systems were broken because of crypto combined
> with other thins. Well, I broke couple of these in old days (whitehat
> legal stuff)
> For example, the Internet banking service of the bank I would not name
> here was compromised during a blind remote intrusion simulating
> exercise because of successful known plaintext attack on DES. Short
> DES keys together with key derivation quirks and access to ciphertext
> made the attack very practical and very effective.
> Again, I'm not arguing with Drew Gross's observation. It is just a bit
> extreme to say it like this.

Let me try to restate what I was saying, because I think the point is getting lost in the words.

If I were an attacker who wanted to compromise your computers, I would not attack your crypto. I would attack your software. Even if what I wanted to do was ultimately to get to your crypto, I wouldn't mount a cryptanalytical attack, I'd attack your system. That's it.

We are seeing this in the real world now. The targeted malware that the German government has to compromise Skype is not cryptanalysis, it is a systems-level attack that then gets at the crypto.

Robert Morris gave the famous advice, "first, check for plaintext." I'm just saying that checking first for Flash today's equivalent.


More information about the cryptography mailing list