On 28/11/11 07:10 AM, Steven Bellovin wrote:
Does anyone know of any (verifiable) examples of non-government enemies
exploiting flaws in cryptography? I'm looking for real-world attacks on
short key lengths, bad ciphers, faulty protocols, etc., by parties other
than governments and militaries.
I'd suggest:
1. GSM. The phones were first cracked by Lucky Green back in 1998 as
an academic demo, and a few years back I heard it was possible to buy
crack devices. I didn't follow up, but the existance of kits would
indicate there was a market for paparrazi or minute-theft or PIs.
2. chip & pin. Look at the Cambridge lab work. They've been involved
in some legal cases, and there might be some verified crunches in there.
I'm not interested in academic attacks
-- I want to be able to give real-world advice -- nor am I looking for
yet another long thread on the evils and frailties of PKI.
Yeah.
If you are doing research to document the state of real breaches, that
would be valuable info.
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography