On 28/11/11 07:10 AM, Steven Bellovin wrote:
Does anyone know of any (verifiable) examples of non-government enemies
exploiting flaws in cryptography?  I'm looking for real-world attacks on
short key lengths, bad ciphers, faulty protocols, etc., by parties other
than governments and militaries.

I'd suggest:

1. GSM. The phones were first cracked by Lucky Green back in 1998 as an academic demo, and a few years back I heard it was possible to buy crack devices. I didn't follow up, but the existance of kits would indicate there was a market for paparrazi or minute-theft or PIs.

2. chip & pin. Look at the Cambridge lab work. They've been involved in some legal cases, and there might be some verified crunches in there.

I'm not interested in academic attacks
-- I want to be able to give real-world advice -- nor am I looking for
yet another long thread on the evils and frailties of PKI.

Yeah.

If you are doing research to document the state of real breaches, that would be valuable info.


iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to