[cryptography] Crypto Vulns

Kevin kevinsisco61784 at gmail.com
Sun Mar 8 15:28:02 EDT 2015

On 3/7/2015 9:11 PM, coderman wrote:
> On 3/7/15, Dave Horsfall <dave at horsfall.org> wrote:
>> On Sat, 7 Mar 2015, Kevin wrote:
>>>> No 1 vulnerability of crypto is the user
>>>> 2nd passphrases
>>>> 3rd overconfidence
>>>> 4th trust in the producer
>>>> 5th believing backdoors are No. 1
>>> I don't agree that the user should be first on that list unless you are
>>> talking about poor implementation.
>> How would you arrange them, then?  I seem to recall that Enigma was broken
>> largely due to sloppy user practices e.g. weak message key, re-use of
>> keys, repeating same message with a weaker scheme, etc.  Used properly,
>> Enigma would've been unbreakable at the time.
> 1. failed software and security engineering. [#'s 1, 2, 4 above all
> reduce to this error.]
> 2. overconfidence [believing backdoors or nation state attacks are
> your weakness is overconfidence in the rest of your threat model]
> 3. complacency [if everything else is in place, letting habit slide to
> convenience, then to compromise, will result in sorrow.]
> some would say that truly strong, usable crypto systems with integrity
> for the common public are impossible. i would retort that just because
> we don't know how to build them yet, does not mean they won't exist in
> the future. :P
> best regards,
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
Such systems may already be around.  This of course raises the debate 
surrounding unbreakable codes.

This email is free from viruses and malware because avast! Antivirus protection is active.

More information about the cryptography mailing list