[cryptography] Crypto Vulns

coderman coderman at gmail.com
Sat Mar 7 21:11:06 EST 2015


On 3/7/15, Dave Horsfall <dave at horsfall.org> wrote:
> On Sat, 7 Mar 2015, Kevin wrote:
>
>> > No 1 vulnerability of crypto is the user
>> > 2nd passphrases
>> > 3rd overconfidence
>> > 4th trust in the producer
>> > 5th believing backdoors are No. 1
>>
>> I don't agree that the user should be first on that list unless you are
>> talking about poor implementation.
>
> How would you arrange them, then?  I seem to recall that Enigma was broken
> largely due to sloppy user practices e.g. weak message key, re-use of
> keys, repeating same message with a weaker scheme, etc.  Used properly,
> Enigma would've been unbreakable at the time.


1. failed software and security engineering. [#'s 1, 2, 4 above all
reduce to this error.]
2. overconfidence [believing backdoors or nation state attacks are
your weakness is overconfidence in the rest of your threat model]
3. complacency [if everything else is in place, letting habit slide to
convenience, then to compromise, will result in sorrow.]

some would say that truly strong, usable crypto systems with integrity
for the common public are impossible. i would retort that just because
we don't know how to build them yet, does not mean they won't exist in
the future. :P


best regards,

