On Nov 27, 2011, at 11:00 PM, Peter Gutmann wrote:

> Steven Bellovin <[email protected]> writes:
> 
>> Does anyone know of any (verifiable) examples of non-government enemies
>> exploiting flaws in cryptography?
> 
> Could you be a bit more precise about what "flaws in cryptography" covers?  
> If 
> you mean exploiting bad or incorrect implementations of crypto then there's 
> so 
> much that I barely know where to start, if it's actual cryptanalytic attacks 
> on anything other than toy crypto (homebrew ciphers, known-weak keys, etc) 
> then there's very little around.  If it's something else, you'd have to let us
> know where the borders lie.
> 
Private reply.  I'm writing a new book on security; let me know if you want to
see the preface and ToC.  Right now, I'm working on the crypto chapter.  So --
in a book that stresses realistic security and paying attention to threat 
models,
what do I tell folks about petroleum herpetology?  Passwords are a different 
chapter;
so is process.  DRM is out of scope for this book.  But I don't really want to
advertise it this far in advance of completion at best, it will be released 
about a
year from now, and that's *if* I can finish it by May or June.


                --Steve Bellovin, https://www.cs.columbia.edu/~smb





_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to