funsec mailing list archives
Re: Encryption is less secure than we thought
From: "Marc" <marc () marcd org>
Date: Fri, 16 Aug 2013 17:23:56 -0400
In my opinion, the title of the article is a bit misleading. It’s not the cryptography/encryption that’s the issue, it’s the protection of the key. In most cases the key is a password/passphrase and not a long pseudo random key. Key management is a critical part of cryptography that is often overlooked and is the weakest link in the chain. So, in short – IMHO it’s not the cryptography – it’s the implementation that is the issue. Of course, other issues are also present, like using table lookups in AES to enhance performance, which also weakens the cryptography, for instance; but poor key management is the easiest thing one can do to screw up otherwise good cryptography. Just my observation and opinion. Marc From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Daniël W. Crompton Sent: Friday, August 16, 2013 15:58 To: funsec Subject: [funsec] Encryption is less secure than we thought http://www.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html What do you think? -- blaze your trail -- Daniël W. Crompton <daniel.crompton () gmail com> <https://app.yesware.com/tl/9c9e8bb890b2c61ccf5ccb1efbfd0ea222e4bce5/38a9dc2afe5214eef82c1b699637c9cd/8c60c2fc129bb1c6c391a639fdc1da58?ytl=http%3A%2F%2Fspecialbrands.net%2F> <https://app.yesware.com/tl/9c9e8bb890b2c61ccf5ccb1efbfd0ea222e4bce5/38a9dc2afe5214eef82c1b699637c9cd/6ce7d3c11b9d006aaf337266d8c26184?ytl=http%3A%2F%2Fspecialbrands.net%2F> http://specialbrands.net/ <https://app.yesware.com/tl/9c9e8bb890b2c61ccf5ccb1efbfd0ea222e4bce5/38a9dc2afe5214eef82c1b699637c9cd/c493f563f01c668f985e634b2db8e0df?ytl=http%3A%2F%2Ftwitter.com%2Fwebhat> <https://app.yesware.com/tl/9c9e8bb890b2c61ccf5ccb1efbfd0ea222e4bce5/38a9dc2afe5214eef82c1b699637c9cd/b0e32a954ec9877f67acd5fd6c531f7d?ytl=http%3A%2F%2Fwww.facebook.com%2Fwebhat> <https://app.yesware.com/tl/9c9e8bb890b2c61ccf5ccb1efbfd0ea222e4bce5/38a9dc2afe5214eef82c1b699637c9cd/033224e49209a040b330313384f6bb2a?ytl=http%3A%2F%2Fplancast.com%2Fwebhat> <https://app.yesware.com/tl/9c9e8bb890b2c61ccf5ccb1efbfd0ea222e4bce5/38a9dc2afe5214eef82c1b699637c9cd/c712e98d962bc8a500bfae7452a6a666?ytl=http%3A%2F%2Fwww.linkedin.com%2Fin%2Fredhat> <https://app.yesware.com/t/9c9e8bb890b2c61ccf5ccb1efbfd0ea222e4bce5/38a9dc2afe5214eef82c1b699637c9cd/spacer.gif> <http://app.yesware.com/t/9c9e8bb890b2c61ccf5ccb1efbfd0ea222e4bce5/38a9dc2afe5214eef82c1b699637c9cd/spacer.gif>
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Encryption is less secure than we thought Daniël W . Crompton (Aug 16)
- Re: Encryption is less secure than we thought Valdis . Kletnieks (Aug 16)
- Re: Encryption is less secure than we thought Marc (Aug 16)