On Dec 2, 2011, at 5:26 27PM, Jeffrey Walton wrote:

> On Sun, Nov 27, 2011 at 3:10 PM, Steven Bellovin <[email protected]> wrote:
>> Does anyone know of any (verifiable) examples of non-government enemies
>> exploiting flaws in cryptography? I'm looking for real-world attacks on
>> short key lengths, bad ciphers, faulty protocols, etc., by parties other
>> than governments and militaries. I'm not interested in academic attacks
>> -- I want to be able to give real-world advice -- nor am I looking for
>> yet another long thread on the evils and frailties of PKI.
>>
> "In July 2009, Benjamin Moody, a United-TI forum user, published the
> factors of a 512-bit RSA key used to sign the TI-83+ series graphing
> calculator....",
> http://en.wikipedia.org/wiki/Texas_Instruments_signing_key_controversy.

Right. I have five examples. Apart from that one, there is:

The (alleged) factoring of 512-bit keys in code-signing certificates

The apparent use of WEP-cracking by the Gonzalez gang. While we don't know for sure that they did that, the Canadian Privacy Commissioner's report said that TJX used WEP, and one of the indictments said that Christopher Scott broke in to their wireless net.

The GSM interceptor. I'm not using that one because the products I see are (nominally) aimed at government use, and while I'm sure many have been diverted I don't have any documented cases of them being used by the private sector. (For all of the reports about phone hacking by Murdoch's companies, I've seen no reports of cell phone eavesdropping to get the modern equivalent of, say, http://en.wikipedia.org/wiki/Squidgygate or Camillagate.)

http://www.wired.com/threatlevel/2011/07/hacking-neighbor-from-hell/ -- someone who *really* wanted revenge on his neighbors. Given that his offenses were discovered to include child pornography, he was sentenced to 18 years.

--Steve Bellovin, https://www.cs.columbia.edu/~smb
