[cryptography] Crypto Vulns

Kevin kevinsisco61784 at gmail.com
Sun Mar 8 15:28:02 EDT 2015


On 3/7/2015 9:11 PM, coderman wrote:
> On 3/7/15, Dave Horsfall <dave at horsfall.org> wrote:
>> On Sat, 7 Mar 2015, Kevin wrote:
>>
>>>> No 1 vulnerability of crypto is the user
>>>> 2nd passphrases
>>>> 3rd overconfidence
>>>> 4th trust in the producer
>>>> 5th believing backdoors are No. 1
>>> I don't agree that the user should be first on that list unless you are
>>> talking about poor implementation.
>> How would you arrange them, then?  I seem to recall that Enigma was broken
>> largely due to sloppy user practices e.g. weak message key, re-use of
>> keys, repeating same message with a weaker scheme, etc.  Used properly,
>> Enigma would've been unbreakable at the time.
>
> 1. failed software and security engineering. [#'s 1, 2, 4 above all
> reduce to this error.]
> 2. overconfidence [believing backdoors or nation state attacks are
> your weakness is overconfidence in the rest of your threat model]
> 3. complacency [if everything else is in place, letting habit slide to
> convenience, then to compromise, will result in sorrow.]
>
> some would say that truly strong, usable crypto systems with integrity
> for the common public are impossible. i would retort that just because
> we don't know how to build them yet, does not mean they won't exist in
> the future. :P
>
>
> best regards,
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
Such systems may already be around.  This of course raises the debate 
surrounding unbreakable codes.


---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com



More information about the cryptography mailing list