Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
For example, during World War 2, the allies were fortunate enough to find a German radio operator committing the cardinal sin of stream ciphers, reusing the same keystream for two different messages.
This led to the successful breaking of the so-called Tunny traffic, and also to the production of the Colossus machine to speed up the cracking process (contrary to popular myth, Colossus had nothing to do with breaking Enigma). So it is rather depressing to see the same mistake still being made today. For example, a recent analysis of Microsoft Office (http://eprint.iacr.org/2005/007.pdf) showed that the encryption implementation makes exactly the same mistake, namely keystream reuse. Although the RC4 cipher used is relatively secure, the implementation weakens the protection significantly.
Even more ironic is that Microsoft has previously made the same mistake, way back in 1999 (see Microsoft security bulletin MS99-056 for the gory details), albeit not in Office.
Of course, things can be even worse if you decide to use your own encryption algorithm, as Texas Instruments did with its Digital Signature Transponder (DST). The DST is a small device that sits in a car ignition key or other "smart" device and prevents unauthorised use.
Login above or Register now and get unlimited access.
Already subscribed but have forgotten your login? Recover your password your here.