Ilya Levin wrote:
On Tue, Nov 29, 2011 at 5:52 PM, Jon Callas <[email protected]> wrote:
But the other one is Drew Gross's observation. If you think like an attacker,
then you're a fool to worry about the crypto.
While generally true, this is kind of an overstatement. I'd say that
if you think like an attacker then crypto must be the least of your
worries. But you still must worry about it.
I've seen real-life systems that were broken because of crypto combined
with other things. Well, I broke a couple of these in the old days (whitehat
legal stuff).
For example, the Internet banking service of the bank I would not name
here was compromised during a blind remote intrusion simulating
exercise because of a successful known-plaintext attack on DES. Short
DES keys together with key derivation quirks and access to ciphertext
made the attack very practical and very effective.
Indeed, single-length DES cracking for attacking electronic payment
networks is the other instance (along with the TI software signature
public key factorization) of a "production" crypto attack. Both are
based on brute force against short key material.
It is not verifiable because a) the perpetrators needed no publicity to
benefit, and b) the financial institutions were upgrading electronic
payment gear to triple-DES (suddenly at a faster than usual pace which
could raise suspicion, at least in my mind), and also preferred less
publicity.
I had some form of confirmation (that the attack scenario occurred) by
the way the triple-DES upgrade project success has been described by a
bank technology specialist who would have been aware of the incident(s).
- Thierry Moreau
Again, I'm not arguing with Drew Gross's observation. It is just a bit
extreme to say it like this.
Best regards,
Ilya
---
http://www.literatecode.com
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography