<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Sep 12, 2016 at 12:33 AM, Stephen Farrell <span dir="ltr"><<a href="mailto:stephen.farrell@cs.tcd.ie" target="_blank">stephen.farrell@cs.tcd.ie</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
On 12/09/16 07:53, Peter Gutmann wrote:<br>
> Stephen Farrell <<a href="mailto:stephen.farrell@cs.tcd.ie" target="_blank">stephen.farrell@cs.tcd.ie</a>> writes:<br>
>> On 11/09/16 10:50, Peter Gutmann wrote:<br>
>>> Which leads to a further corollary..... probably a waste<br>
>>> of time because there's always an easier way in.<br>
>><br></span></blockquote><div>...... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
> single DES isn't necessary because it's no longer the weakest point.<br>
<br>
</span>So I do think your message encouraged weaker crypto but the more<br>
interesting part is perhaps why the weakest point, as in the simplest<br>
attack to demonstrate, is not the only relevant argument.<br>
<br>
Yes, a rational attacker will choose the weakest point, in the<br>
sense of the most effective attack.<br></blockquote><div> <a href="http://www.metzdowd.com/mailman/listinfo/cryptography" rel="noreferrer" target="_blank"></a><br></div><div>To split a hair.<br>An attacker will use the vectors he has knowledge of.</div><div>Development of an attack is likely most fruitful if the attack builder</div><div>begins at what to him appears to be the weakest point.<br><br>The world of science and math are full of things that once were hard</div><div>but insight and often hard work relabel the "impossible to possible"</div><div>and the "hard to solved".</div><div><br></div><div>This discussion centers on two things... an attack surface (a buffer)</div><div>and a risk that the surface is not scrubbed clean.<br>If we cannot obliterate secret keys as expected then there is</div><div>a prize to be liberated by a bad guy or perhaps a white-hat.</div><div><br></div><div><br></div><div><br></div></div><div><br></div>-- <br><div data-smartmail="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>