Table of contents50 Ways to Defeat Your PKI and Other Cryptosystems
Disclaimer
Fred Cohen
Current Efforts
Richard Power Called
1. Flood the PKI
2. Interrupt Traffic
3. Buy a Key
4. Buy a Lot of Keys
5. Steal Keys with a Word Trojan
6. Steal Keys with a 123 Trojan
7. Exploit an OS Weakness
8. Observe Keystrokes
9. Guess a Password
10.Disable Crypto with a Trojan
11. Revoke a Key
12. Selected Plaintext
13. Break into the Master Server
14. Break the DNS
15. Crash a few Key Servers
16. Use time as a Covert Channel
17. Forge NNTP
18. Man-in-the-middle
19. van-Eck Attack before encrypt
20. van-Eck attack after decrypt
21. Video Viewing for Keys
22. Video Viewing for Messages
23. Fake Keyboard
24. Trojan the Master Binaries
25. Buy a Trojan
26. Force Escrow on People
27. Limit Key Length
28. Fake a Distribution
29. Create a New Algorithm
30. Use Parallelism
31. Viral Codebreaking
32. Modify the PRNG
33. Exploit PRNG Weakness
34. Reduce Generator Randomness
35. Create Trojan Keys
36. Generate a Lot of Traffic
37. Make Lots of Keys
38. Corrupt Private Keys
39. Disrupt Session Keys
40. Replay Distributions
41. Store Now, Break Later
42. Bribes
43. Disrupt Distributions
44. A False Update
45. Take the Originating System
46. Find a Protocol Flaw
47. Trick a User
48. Trojan a Browser
49. Get the Master Certificate
50. Publish This Article
It's 4:57
|