[Cryptography] "Android Keystore Encryption Scheme Broken, Researchers Say"

Jerry Leichter leichter at lrw.com
Thu Jul 7 17:53:19 EDT 2016


https://threatpost.com/android-keystore-encryption-scheme-broken-researchers-say/119092/

It's a complex key-size downgrade attack whose actual real-world significance is unclear.  But I found the following quote from the authors of interest, given our recent discussion of simplicity:

“Intuition often goes wrong when security is concerned,” the two write, “Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity. We show, once again, that this is not a good choice, since it usually results in severe consequences for the whole underlying system.”

                                                        -- Jerry


