Ilya Levin wrote:
On Tue, Nov 29, 2011 at 5:52 PM, Jon Callas <[email protected]> wrote:

But the other one is Drew Gross's observation. If you think like an attacker, 
then you're a fool to worry about the crypto.

While generally true, this is kind of an overstatement. I'd say that
if you think like an attacker then crypto must be the least of your
worries.  But you still must worry about it.

I've seen real life systems were broken because of crypto combined
with other thins. Well, I broke couple of these in old days (whitehat
legal stuff)

For example, the Internet banking service of the bank I would not name
here was compromised during a blind remote intrusion simulating
exercise because of successful known plaintext attack on DES. Short
DES keys together with key derivation quirks and access to ciphertext
made the attack very practical and very effective.


Indeed, single-length DES cracking for attacking electronic payment networks is the other instance (along with the TI software signature public key factorization) of a "production" crypto attack. Both are based on brute force against short key material.

It is not verifiable because a) the perpetrators needed no publicity to benefit, and b) the financial institutions were upgrading electronic payment gear to triple-DES (suddenly at a faster than usual pace which could raise suspicion, at least in my mind), and also preferred less publicity.

I had some form of confirmation (that the attack scenario occurred) by the way the triple-DES upgrade project success has been described by a bank technology specialist who would have been aware of the incident(s).

- Thierry Moreau

Again, I'm not arguing with Drew Gross's observation. It is just a bit
extreme to say it like this.

Best regards,
Ilya

---
http://www.literatecode.com

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to