ietf-openpgp

Re: Weak crypto [was: Re: how to specify "trust no signatures over hash X from this key"?]

2009-05-24 20:20:52
Hi,

I think there *is* a good reason for being more paranoid about broken crypto
than all the other attacks: broken crypto often leaves no evidence (to the point
of the victim not even noticing the attack) and hence leaves no room for reactive
countermeasures. More below.

Ian G wrote:
> I see no evidence of "routine criminal practice" ... and unlike some, I
> explicitly exclude "university students with or without laptop" from the
> general class of criminals :)

No-no, the Wikipedia link was not meant as evidence, just a description of the
actual method. I have provided no evidence for the fact that brute-forcing 40-bit
RFID keys is routine criminal practice, because I was too lazy/busy to dig it
up. But I *have* read somewhere that several real cars (and very expensive ones,
at that) have been really stolen (in several countries, AFAIR) using this
technique by real criminals. For now, please take my word for it or google it up
yourself. A bit later, I might do the googling for you.

In the context of OpenPGP, I believe that we really should exclude the
possibility of attacks that penetrate our crypto, because the intended use cases
of OpenPGP include quite a few where such an attack cannot be detected even ex
post. A good example would be insider trading on information gained from
supposedly confidential correspondence. Such threats cannot be validated. Weak
crypto invites such attacks without any possibility of validating the 
vulnerability.

-- 
Daniel

Attachment: signature.asc
Description: OpenPGP digital signature