[cryptography] Crypto Vulns
eth3rs at gmail.com
Sat Mar 7 13:06:39 EST 2015
> I seem to recall that Enigma was broken largely due to sloppy user practices e.g. weak message key, re-use of keys, repeating same message with a weaker scheme, etc. Used properly, Enigma would've been unbreakable at the time.
Yes, sloppy user practices helped cryptanalysis on all sides, but it
isn't fair to place all the blame on user practices. Even the best
Enigma machines had some serious fundamental weaknesses which
better user practices would not have been able to fix. Furthermore,
some of the user practices that aided cryptanalysis were official
approved practices and should be viewed as part of the cryptosystem
and not the fault of the users themselves. Changing some of these
user practices would also have hurt effective communication (an
inherent trade-off between mission assurance and information
It is remarked that user error helped defeat Enigma, but these errors
often included things like allowing the Allies to capture Enigma
machines or manuals.
I think you are on to something with looking at Enigma as a case study
to tease apart different failure modes. I would be very interested to
see a list of all Enigma cryptanalytic successes sorted by:
1. failure to follow approved practices,
2. poorly designed approved practices,
3. cryptographic weaknesses.
On Sat, Mar 7, 2015 at 12:01 PM, Dave Horsfall <dave at horsfall.org> wrote:
> On Sat, 7 Mar 2015, Kevin wrote:
>> > No 1 vulnerability of crypto is the user
>> > 2nd passphrases
>> > 3rd overconfidence
>> > 4th trust in the producer
>> > 5th believing backdoors are No. 1
>> I don't agree that the user should be first on that list unless you are
>> talking about poor implementation.
> How would you arrange them, then? I seem to recall that Enigma was broken
> largely due to sloppy user practices e.g. weak message key, re-use of
> keys, repeating same message with a weaker scheme, etc. Used properly,
> Enigma would've been unbreakable at the time.
> Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
> http://www.horsfall.org/spam.html (and check the home page whilst you're there)