Steven Bellovin <[email protected]> writes:

>I'm writing something where part of the advice is "don't buy snake oil
>crypto, get the good stuff".

I wrote about this back in 2002 in "Lessons Learned in Implementing and Deploying Crypto Software", we've gone from straight snake oil to second-order snake oil, good algorithms applied badly (the stuff I've seen people do with RSA, DH, AES, ...). So figuring out what "the good stuff" is (or at least spotting the bad stuff and declaring everything else to be good) isn't nearly as easy as it used to be.

>[SIGINT] So -- is there a real threat that people have to worry about?

I doubt it. Put another way, if you're paranoid about the MIB then you probably have more problems than crypto can deal with.

>The claim has been made in the foxit blog, but as noted it's not verified,
>merely asserted.

Having discussed it with the Fox-IT person, I'm pretty convinced now that it was indeed a factorisation attack. OTOH there are some really, really strange things surrounding how it was done, I'll try and get a summary written when I get time.

>Again, we all know how bad it is, but has it really been used?

So now we're really getting more into philosophical rather than technical discussions. Is a system with gaping security holes that's so profoundly uninteresting to attackers that no-one even bothers looking at it (SCADA) more secure than one that's been designed and implemented relatively securely but that's such a tempting target that unreasonable amounts of effort are expended attacking it (Windows)? And who are your attackers? If it's random china^H^H^Hbogeymen then you need to worry about SCADA, if it's the entire world's cybercrime industry then you need to worry about Windows and forget SCADA because you can monetise the former and not the latter.

So to quote Ian Grigg, WYTM (What's Your Threat Model)? I could put a DOS box on the Internet (assuming I could find a TCP stack for it) and it'd remain safe because no-one would ever target that.

Peter.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
