Crypto-guru slams 'NSA-proof' tech, says today's crypto is strong enough

  • 18 May 2014
  • 0 replies
  • 257 views

Userlevel 7

Reminder: The maths is good, it's the implementation that sucks

By Darren Pauli, 16 May 2014  AusCERT History is filled with companies shamed by their shoddy cryptography implementations – even though the underlying maths is bang on.
 
In a presentation titled "Crypto Won't Save You" at the AusCERT conference on Australia's Gold Coast, respected cryptographer Peter Gutmann of the University of Auckland took security bods through a decade of breaches featuring a laundry list of the world's biggest brands.
 Gutmann's point was to demonstrate how the weakest point of cryptography was typically in its implementation rather than the maths itself. He demonstrated that consumer devices from the Amazon Kindle to the Sony Playstation and Microsoft Xbox consoles were hacked not because of weak cryptography, but due to poor deployment of security mechanisms, which were bypassed by attackers.
 
Many more systems have been broken due to poor implementations. The crypto used by lower-end ransomware to encrypt victims' files can be broken by security pros, allowing the documents to be rescued without having to pay the ransom.
 
 
 
Full Article
 
This one is a good read not only for content but also because it goes against the trend that more is better.

0 replies

Be the first to reply!

Reply