At 1:22 PM -0400 5/29/03, Ian Grigg wrote:
The following appears to be a bone fide case of a
threat model in action against the PGP program.

Leaving aside commentary on the pros and cons
within this example, there is a desparate lack of
real experience in how crypto systems are attacked.
IMHO, this leads to some rather poorly chosen
engineering decisions that have shown themselves
to stymie or halt the success of otherwise good
crypto systems.

Does anyone know of a repository for real life
attacks on crypto systems?  Or are we stuck with
theoretical and academic threats when building
new systems?


There is a lot of material from the World War II era (e.g Silk and Cyanide by Leo Marks) and the early cold war (e.g.

Government cryptographic successes are usually highly classified and kept that way for decades. There was one recent story about the FBI's apparent use of a keyboard logger to get a accused organized criminal's password. The latest U.S. Government wiretap report (they are now required to report on encryption incidents) says: "Encryption was reported to have been encountered in 16 wiretaps terminated in 2002 and in 18 wiretaps terminated in calendar year 2001 or earlier but reported for the first time in 2002; however in none of these case was encryption reported to have prevented law enforcement officials from obtaining the plain text of the communications intercepted." By comparison they reported 1358 intercepts authorized in 2002.

Arnold Reinhold

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to