Steven Bellovin<[email protected]> wrote:
Does anyone know of any (verifiable) examples of non-government
enemies exploiting flaws in cryptography? I'm looking for
real-world attacks on short key lengths, bad ciphers, faulty
protocols, etc., by parties other than governments and militaries.
I'm not interested in academic attacks
Here are some ideas. I can probably run down some specific details and
references if you need them:
* Cases of breached databases where the passwords were hashed and maybe
salted, but with an insufficient work factor enabling dictionary attacks.
* NTLMv1/MSCHAPv1 dictionary attacks.
* NTLMv2/MSCHAPv2 credentials forwarding/reflection attacks.
* Here's an example of RSA-512 certificates being factored and used to
sign malware:
http://blog.fox-it.com/2011/11/21/rsa-512-certificates-abused-in-the-wild/
On 11/27/2011 02:23 PM, Landon Hurley wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
GSM and the Kaos club expert would be a good example.
...and non-academic researchers would seem to be an important category.
* There's the fail0verflow break of the specific use of
ECC in the Sony PlayStation 3.
http://www.theregister.co.uk/2010/12/30/ps3_jailbreak_hack/
The copy protection industry would seem fertile ground for this sort of
example.
So would the recent $200 hardware break of hdmi encryption.
* http://aktuell.ruhr-uni-bochum.de/pm2011/pm00386.html.en
As I read it the HDMI master key was leaked, perhaps by an insider, in
2010. The $200 hardware was basically an implementation of the protocol
using that key.
* Last but not least, there's DeCSS. The DVD consortium was dumb enough
to distribute the decryption key in a software player where it could be
examined so maybe it's not a crypto break like you're looking for. On
the other hand, having a single symmetric key for a mass-produced
consumer distribution channel certainly counts as a faulty protocol.
-- I want to be able to give real-world advice -- nor am I looking
for yet another long thread on the evils and frailties of PKI.
Say, anyone looked at the Bitcoin prices lately? :-)
- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography