On 3/7/15, Dave Horsfall <[email protected]> wrote:
> On Sat, 7 Mar 2015, Kevin wrote:
>
>> > No 1 vulnerability of crypto is the user
>> > 2nd passphrases
>> > 3rd overconfidence
>> > 4th trust in the producer
>> > 5th believing backdoors are No. 1
>>
>> I don't agree that the user should be first on that list unless you are
>> talking about poor implementation.
>
> How would you arrange them, then? I seem to recall that Enigma was broken
> largely due to sloppy user practices e.g. weak message key, re-use of
> keys, repeating same message with a weaker scheme, etc. Used properly,
> Enigma would've been unbreakable at the time.

1. failed software and security engineering.
   [#'s 1, 2, 4 above all reduce to this error.]

2. overconfidence
   [believing backdoors or nation state attacks are your weakness is
   overconfidence in the rest of your threat model]

3. complacency
   [if everything else is in place, letting habit slide to convenience,
   then to compromise, will result in sorrow.]

some would say that truly strong, usable crypto systems with integrity
for the common public are impossible. i would retort that just because
we don't know how to build them yet, does not mean they won't exist in
the future. :P

best regards,
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
