David Wagner is sort of godlike...
Mar. 1st, 2002 10:41 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
ciphergothFrom: daw@mozart.cs.berkeley.edu (David Wagner)
Subject: Re: secure block cipher for one-byte blocks?
Newsgroups: sci.crypt
Date: Thu, 28 Feb 2002 23:33:35 +0000 (UTC)
Organization: University of California, Berkeley
Daniel Mehkeri wrote:
>Noted. What are the other nine? Or is there a good reference for "top ten
>stupid crypto things people do"?
Good question. I'd have to think about it for a while. Others include
things like designing your own homebrew cipher or mode of operation,
reusing the same key in both directions or across multiple sessions,
not authenticating all contextual information that could affect how
the received data is interpreted, forgetting to check for special-case
values in number-theoretic implementations (e.g., 0, 1, -1 are bad for
Diffie-Hellman), fault attacks where error codes and other behavior reveal
information about success or failure or about confidential information,
bad randomness generation, using non-repeating values where unpredictable
ones are needed, forgetting to zeroize sensitive data, failure to think
about how to recover from a compromise and how to limit its impact,
incorrectly assuming that chosen-plaintext or -ciphertext attacks aren't
a practical concern, and I'm sure many more that I'm forgetting. (Did I
go over ten? If so, I apologize -- maybe some subset of that is needed.)
