Steven Bellovin <[email protected]> wrote:

Does anyone know of any (verifiable) examples of non-government
enemies exploiting flaws in cryptography?  I'm looking for
real-world attacks on short key lengths, bad ciphers, faulty
protocols, etc., by parties other than governments and militaries.
I'm not interested in academic attacks

Here are some ideas. I can probably run down some specific details and references if you need them:

* Cases of breached databases where the passwords were hashed and maybe salted, but with an insufficient work factor enabling dictionary attacks.

* NTLMv1/MSCHAPv1 dictionary attacks.

* NTLMv2/MSCHAPv2 credentials forwarding/reflection attacks.

* Here's an example of RSA-512 certificates being factored and used to sign malware:
http://blog.fox-it.com/2011/11/21/rsa-512-certificates-abused-in-the-wild/


On 11/27/2011 02:23 PM, Landon Hurley wrote:
GSM and the Chaos club expert would be a good example.

...and non-academic researchers would seem to be an important category.

* There's the fail0verflow break of the specific use of
ECC in the Sony PlayStation 3.
http://www.theregister.co.uk/2010/12/30/ps3_jailbreak_hack/

The copy protection industry would seem fertile ground for this sort of example.

So would the recent $200 hardware break of HDMI encryption.

* http://aktuell.ruhr-uni-bochum.de/pm2011/pm00386.html.en
As I read it the HDMI master key was leaked, perhaps by an insider, in 2010. The $200 hardware was basically an implementation of the protocol using that key.

* Last but not least, there's DeCSS. The DVD consortium was dumb enough to distribute the decryption key in a software player where it could be examined, so maybe it's not a crypto break like you're looking for. On the other hand, having a single symmetric key for a mass-produced consumer distribution channel certainly counts as a faulty protocol.

-- I want to be able to give real-world advice -- nor am I looking
for yet another long thread on the evils and frailties of PKI.

Say, anyone looked at the Bitcoin prices lately? :-)

- Marsh
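
An added example, not part of the original message: a defender-side audit for the first item in the list above (passwords hashed, maybe salted, but with an insufficient work factor). It parses common stored-hash formats and flags low cost settings; the `MIN_COST` thresholds and the sample records are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed policy minimums for this example; take real values from your own standard.
MIN_COST = {"bcrypt": 10, "sha256crypt": 100_000,
            "sha512crypt": 100_000, "pbkdf2_sha256": 600_000}

B64 = r"[./A-Za-z0-9]"
BCRYPT = re.compile(rf"^\$2[aby]\$(\d{{2}})\${B64}{{53}}$")
SHACRYPT = re.compile(rf"^\$([56])\$(?:rounds=(\d+)\$)?{B64}{{1,16}}\${B64}+$")
PBKDF2 = re.compile(r"^(pbkdf2_sha256)\$(\d+)\$[^$]+\$[^$]+$")
BARE_HEX = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}|[0-9a-f]{128})$", re.I)

def _judge(scheme, cost):
    floor = MIN_COST[scheme]
    return (scheme, cost, "ok" if cost >= floor else f"weak: cost {cost} < {floor}")

def audit(stored):
    """Return (scheme, cost, verdict) for one stored password field."""
    m = BCRYPT.match(stored)
    if m:
        return _judge("bcrypt", int(m.group(1)))  # cost is log2 of the iteration count
    m = SHACRYPT.match(stored)
    if m:
        scheme = "sha256crypt" if m.group(1) == "5" else "sha512crypt"
        return _judge(scheme, int(m.group(2) or 5000))  # 5000 is the default when rounds= is absent
    m = PBKDF2.match(stored)
    if m:
        return _judge(m.group(1), int(m.group(2)))
    if BARE_HEX.match(stored):
        # A bare digest costs one fast hash per guess, salted or not.
        return ("raw-digest", 1, "weak: one fast hash per guess")
    return ("unknown", None, "review manually")

def weak_records(records):
    """Return the (user, scheme, cost) triples whose verdict is not 'ok'."""
    out = []
    for user, stored in records:
        scheme, cost, verdict = audit(stored)
        if verdict != "ok":
            out.append((user, scheme, cost))
    return out

# Constructed sample rows (user, stored hash field); no real credentials.
SAMPLE = [("alice", "$2b$04$" + "A" * 53), ("bob", "$2b$12$" + "A" * 53),
          ("carol", "$6$saltsalt$" + "x" * 86),
          ("dave", "pbkdf2_sha256$1000$c2FsdA$aGFzaA"),
          ("erin", hashlib.md5(b"constructed").hexdigest())]

if __name__ == "__main__":
    for row in weak_records(SAMPLE):
        print(row)
```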