Breakin attempts

Patrick O'Callaghan pocallaghan at gmail.com
Fri Apr 23 15:00:16 UTC 2010


On Fri, 2010-04-23 at 10:09 -0400, Tom Horsley wrote:
> On Fri, 23 Apr 2010 09:35:55 -0430
> Patrick O'Callaghan wrote:
> 
> > More to the point, there would be widespread panic among banks and
> > online shopping sites, webmail sites, and anywhere else that relies on a
> > public-key based security model, which is essentially all of them.
> 
> Nah, those aren't really problems. As we have already seen with all
> the recent spate of credit card number pilfering, it is far simpler
> to get a crook hired by the company to get inside info than to
> waste lots of time with cracking encryption codes :-).

Indeed. One of the fallacies of the security-challenged is to think that
by solving crypto, you've solved security. Needham and Schroeder put it
very well:

"If you think your problem can be solved by cryptography, you don't
understand cryptography and you don't understand your problem."

(It's an aphorism, not to be taken *too* literally).

poc


