debunking snake oil

Marcos el Ruptor ruptor at
Sat Sep 1 08:39:49 EDT 2007

 > I'd like to start with the really simple stuff; classical
 > cryptography, systems with clean and obvious "breaks".

You can start with RSA SecurID, Texas Instruments DST40, Microchip  
Technologies KeeLoq, Philips/NXP Hitag2, WEP RC4, Bluetooth E0, GSM  
A5... It's much harder to find a product or technology that  
implements proper ciphers, proper hashes, proper RNGs or proper  
protocols. And I don't mean small mistakes like in SSH1 or SSL. I  
mean look at all those proprietary weak ciphers sold for millions!  
Will they ever learn?

Ruptor - There is no need to design weak ciphers.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list