Discussion in 'privacy technology' started by ronjor, Jun 25, 2012.
The problem with the general tech media is they don't understand cryptography (at all) and thus exaggerate claims of cracking algorithms and protocols. As the RSA blog explained, this attack only works if the attacker has control of your smartcard and the PIN. As they pointed out, if they have that it's game over anyway. It's nothing but a theoretical exercise to explore weaknesses with PKCS v1.5.
It's the same story with the recent news of Fujitsu "cracking" pairing-based crypto schemes. As was pointed out by Professor Dan Boneh at Stanford (one of the foremost experts in pairing-based cryptography), the Fujitsu crack exploits a vulnerability that researchers have known about since 1994. His quote:
Moreover, the Fujitsu result only works in a certain finite field group GF(3^582), which most schemes do not use anyway.
This is why I always wait to read the analysis of experts before I start panicking about new cryptanalysis results (Schneier is usually a good source, but he didn't even cover either of these stories on his blog, which goes to show the relative unimportance of them).