Interesting People mailing list archives

IP: Re: Fault-induced crypto attacks a


From: Dave Farber <farber () cis upenn edu>
Date: Wed, 06 Nov 1996 07:20:17 -0500

Date: Wed, 6 Nov 1996 09:43:43 +0000
To: Dave Farber <farber () central cis upenn edu>


Dave:


I've been watching the recent announcements about fault-induced
cryptanalysis with interest [e.g., RISKS-18.50,52,54,55,56].  Whereas the
attacks are extremely powerful tools, they aren't at all new to the crypto
community -- there has been widespread discussion for years about these,
they've been implemented by criminals and security system evaluators, and
they are reasonably well documented.


A different sort of fault perhaps, but Tony Sale's lecture here a few weeks
ago revealed that Bletchley Park's initial breaking of the Lorenz
teleprinter (aka "Fish") ciphers in the early years of WW2, which led
subsequently to the building of the Colossus computers, was entirely due to
*one* fault on the part of one German teleprinter operator. They found that
he had resent one lengthy message, but by re-keying it (somewhat
inaccurately) rather than using the punched teleprinter tape. From this one
pair of messages they managed to discover the full detailed logical
operation of the cipher machine unseen, and create a means of breaking the
messages that were being sent using it to and from the German High Command.
As Tony said, for the rest of the war, the cryptanalysts prayed that no
over-eager Allied soldier captured a Fish machine!


Cheers


Brian


PS Years ago, after a lecture here by Donald Davies on DES, and emboldened
merely by my reading of David Kahn and the like, I brought a
typically-academic discussion of its security to a screeching halt by
suggesting that perhaps sometime in the future I would be the proud
possessor of a DES-based cipher machine - which (like the Enigma cipher
machine that I already own) was historically famous for the importance of
the messages that machines like it had failed to protect :-)




Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne,
NE1 7RU, UK
EMAIL = Brian.Randell () newcastle ac uk   PHONE = +44 191 222 7923
FAX = +44 191 222 8232  URL = http://www.cs.ncl.ac.uk/~brian.randell/

