[Cryptography] "Android Keystore Encryption Scheme Broken, Researchers Say"
Jerry Leichter
leichter at lrw.com
Thu Jul 7 17:53:19 EDT 2016
https://threatpost.com/android-keystore-encryption-scheme-broken-researchers-say/119092/
It's a complex key-size downgrade attack whose actual real-world significance is unclear. But I found the following quote from the authors of interest, given our recent discussion of simplicity:
“Intuition often goes wrong when security is concerned,” the two write, “Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity. We show, once again, that this is not a good choice, since it usually results in severe consequences for the whole underlying system.”
-- Jerry
More information about the cryptography
mailing list