On Tue, Nov 29, 2011 at 5:52 PM, Jon Callas <j...@callas.org> wrote: > But the other one is Drew Gross's observation. If you think like an attacker, > then you're a fool to worry about the crypto.
While generally true, this is kind of an overstatement. I'd say that if you think like an attacker then crypto must be the least of your worries. But you still must worry about it. I've seen real life systems were broken because of crypto combined with other thins. Well, I broke couple of these in old days (whitehat legal stuff) For example, the Internet banking service of the bank I would not name here was compromised during a blind remote intrusion simulating exercise because of successful known plaintext attack on DES. Short DES keys together with key derivation quirks and access to ciphertext made the attack very practical and very effective. Again, I'm not arguing with Drew Gross's observation. It is just a bit extreme to say it like this. Best regards, Ilya --- http://www.literatecode.com _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography