<p dir="ltr"></p>
<p dir="ltr">On Sun, Aug 17, 2014 at 5:29 AM, Peter Gutmann <<a href="mailto:pgut001@cs.auckland.ac.nz">pgut001@cs.auckland.ac.nz</a>> wrote:<br>
> ianG <<a href="mailto:iang@iang.org">iang@iang.org</a>> writes:<br>
><br>
>>b. RSA 1024 is considered a weak length these days. But it still depends on<br>
>>"against whom?"<br>
><br>
<chop><br>
><br>
> Another example of this occurs with online commerce. Turn off every cipher in<br>
> your browser except single DES (I'm not sure if you can still enable RC4/40)<br>
> and go to your bank and transfer some funds, or go to eBay and buy something.<br>
> Watch the complete lack of anything that arises from this.</p>
<p dir="ltr">Did you miss BEAST? On a browser without 1/n-1 record splitting, with certain extensions, we can steal cookies. The reason this isn't exploited is everyone patched it.</p>
<p dir="ltr">MD5 collisions lead to a forged CA and Flame. Cryptanalysis of RC4 broke WEP, and lead to the TJ Maxx breach. Bitcoin brain wallets are snarfed up by bots watching for keys derived from common passwords. Keyloq got busted wide open.</p>
<p dir="ltr">Some of us, including myself, work for organizations which have nasty, nasty enemies. To the extent that we have "good enough' security on the Internet, our ability to be secure becomes limited because we can't use technology everyone is assumed to have. Single DES cryptanalysis is cheap: if enough people could get in trouble if you had it, it would get done.</p>
<p dir="ltr">As for the original poster, I have found issues in many crypto libraries that lead to all sorts of badness. It might look like it works, but ends up dumping secrets all over the place.</p>
<p dir="ltr">Your average script kiddie isn't going to advance RC4 cryptanalysis when they can use default passwords and the promise of dirty pictures to get credit cards. The same applies to developing exploits. Would you say buffer overruns aren't a problem because they are hard to exploit and so script kiddies don't?<br>
><br>
> Peter.<br>
> _______________________________________________<br>
> The cryptography mailing list<br>
> <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>
> <a href="http://www.metzdowd.com/mailman/listinfo/cryptography">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br><br></p>
<p dir="ltr">-- <br>
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."<br>
-- Benjamin Franklin</p>