On Nov 29, 2011, at 8:33 PM, Ilya Levin wrote:

> On Tue, Nov 29, 2011 at 5:52 PM, Jon Callas <j...@callas.org> wrote:
> 
>> But the other one is Drew Gross's observation. If you think like an 
>> attacker, then you're a fool to worry about the crypto.
> 
> While generally true, this is kind of an overstatement. I'd say that
> if you think like an attacker then crypto must be the least of your
> worries.  But you still must worry about it.
> 
> I've seen real life systems that were broken because of crypto combined
> with other things. Well, I broke a couple of these in the old days (whitehat
> legal stuff)
> 
> For example, the Internet banking service of the bank I would not name
> here was compromised during a blind remote intrusion simulating
> exercise because of successful known plaintext attack on DES. Short
> DES keys together with key derivation quirks and access to ciphertext
> made the attack very practical and very effective.
> 
> Again, I'm not arguing with Drew Gross's observation. It is just a bit
> extreme to say it like this.

Let me try to restate what I was saying, because I think the point is getting 
lost in the words.

If I were an attacker who wanted to compromise your computers, I would not 
attack your crypto. I would attack your software. Even if what I wanted to do 
was ultimately to get to your crypto, I wouldn't mount a cryptanalytical 
attack, I'd attack your system. That's it.

We are seeing this in the real world now. The targeted malware that the German 
government has to compromise Skype is not cryptanalysis, it is a systems-level 
attack that then gets at the crypto.

Robert Morris gave the famous advice, "first, check for plaintext." I'm just 
saying that checking first for Flash is today's equivalent.

        Jon

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
