"PGP Encryption Proves Powerful"
Arnold G. Reinhold
reinhold at world.std.com
Fri May 30 12:21:16 EDT 2003
At 1:22 PM -0400 5/29/03, Ian Grigg wrote:
>The following appears to be a bone fide case of a
>threat model in action against the PGP program.
>
>Leaving aside commentary on the pros and cons
>within this example, there is a desparate lack of
>real experience in how crypto systems are attacked.
>IMHO, this leads to some rather poorly chosen
>engineering decisions that have shown themselves
>to stymie or halt the success of otherwise good
>crypto systems.
>
>Does anyone know of a repository for real life
>attacks on crypto systems? Or are we stuck with
>theoretical and academic threats when building
>new systems?
>
>iang
There is a lot of material from the World War II era (e.g Silk and
Cyanide by Leo Marks) and the early cold war (e.g.
http://www.nsa.gov/docs/venona/).
Government cryptographic successes are usually highly classified and
kept that way for decades. There was one recent story about the FBI's
apparent use of a keyboard logger to get a accused organized
criminal's password. The latest U.S. Government wiretap report
http://www.uscourts.gov/wiretap02/contents.html (they are now
required to report on encryption incidents) says: "Encryption was
reported to have been encountered in 16 wiretaps terminated in 2002
and in 18 wiretaps terminated in calendar year 2001 or earlier but
reported for the first time in 2002; however in none of these case
was encryption reported to have prevented law enforcement officials
from obtaining the plain text of the communications intercepted." By
comparison they reported 1358 intercepts authorized in 2002.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list