On Mon, Nov 28, 2011 at 4:10 AM, Steven Bellovin <[email protected]> wrote: > Does anyone know of any (verifiable) examples of non-government enemies > exploiting flaws in cryptography? I'm looking for real-world attacks on > short key lengths, bad ciphers, faulty protocols, etc., by parties other > than governments and militaries. I'm not interested in academic attacks > -- I want to be able to give real-world advice -- nor am I looking for > yet another long thread on the evils and frailties of PKI.
Ross Anderson http://www.cl.cam.ac.uk/~rja14/ has a classic paper "Why cryptosystems fail" based on analyzing failures in banking systems. Mostly not the stuff you mention, but poor management. He has a bunch of related papers too. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
