[Cryptography] mathematical constants

iang iang at iang.org
Mon Jun 8 17:09:21 EDT 2026 

On 08/06/2026 21:49, Peter Gutmann via cryptography wrote:
> Jerry Leichter <leichter at lrw.com> writes:
>
>> What would work would be pre-commitment to values.
> How many attacks have there been due to published booby-trapped values in
> crypto algorithms?  (EC-DRBG doens't count because the private-key values were
> never made public, I mean published definitely non-NUMS values).
>
> Now, how many attacks have there been due to buffer overflows, XSS, SQLI,
> stack-smashing, ... ?


Not to mention, how many attacks have there been using phishing, social 
engineering, identity-sales fraud, lost bitcoins, phone porting (a US 
specialty), $5 wrench plumbing (a top-ten hit in France), the move to 
panopticon phone tracking (UK leads, but US states have their own game 
going on), the statal desire to unbank just bc (everywhere...), ...

It was estimated that 30% of all bitcoin was stolen or lost. If you get 
hacked at your bank, what are your chances of getting a conversation? 
Let alone getting your money back...

Meanwhile, security professionals & cryptographers are obsessed with 
attacks that simply do not rate in the real world. No 'history' no risk. 
No statistics, no loss. It's all theory - yeah this amazing exotic 
attack could happen if all the planets were in alignment!


> On the way back from a recent security meeting a friend of mine made the
> comment that worrying about side-channel attacks (which had come up there) was
> like frantically phoning around plumbers to fix a loose tap in a house that's
> on fire.


It's way worse - we spend time on complimenting society's fashion 
statement of lovely cryptographic algorithms while they're walking 
around with flame throwers on their back, smoking & juggling with firing 
brands...

This is why I don't spend a lot of time on this group - everyone's 
obsessed about theoretical weaknesses that never happen. And we all 
totally ignore the security shitstorm that actual ordinary human people 
have to navigate .. because it's not elegant coding or cryptography, 
it's not important.

Everyone believes we're Major Tom when we're really just shovelling 
Ashes to Ashes.



iang

More information about the cryptography mailing list