On Nov 27, 2011, at 11:00 PM, Peter Gutmann wrote:
> Steven Bellovin <[email protected]> writes:
>
>> Does anyone know of any (verifiable) examples of non-government enemies
>> exploiting flaws in cryptography?
>
> Could you be a bit more precise about what "flaws in cryptography" covers?
> If
> you mean exploiting bad or incorrect implementations of crypto then there's
> so
> much that I barely know where to start, if it's actual cryptanalytic attacks
> on anything other than toy crypto (homebrew ciphers, known-weak keys, etc)
> then there's very little around. If it's something else, you'd have to let us
> know where the borders lie.
>
Private reply. I'm writing a new book on security; let me know if you want to
see the preface and ToC. Right now, I'm working on the crypto chapter. So --
in a book that stresses realistic security and paying attention to threat
models,
what do I tell folks about petroleum herpetology? Passwords are a different
chapter;
so is process. DRM is out of scope for this book. But I don't really want to
advertise it this far in advance of completion at best, it will be released
about a
year from now, and that's *if* I can finish it by May or June.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography