50 Ways to Defeat Your PKI and Other Cryptosystems


Click here to start

Table of contents

50 Ways to Defeat Your PKI and Other Cryptosystems

Disclaimer

Fred Cohen

Current Efforts

Richard Power Called

1. Flood the PKI

2. Interrupt Traffic

3. Buy a Key

4. Buy a Lot of Keys

5. Steal Keys with a Word Trojan

6. Steal Keys with a 123 Trojan

7. Exploit an OS Weakness

8. Observe Keystrokes

9. Guess a Password

10.Disable Crypto with a Trojan

11. Revoke a Key

12. Selected Plaintext

13. Break into the Master Server

14. Break the DNS

15. Crash a few Key Servers

16. Use time as a Covert Channel

17. Forge NNTP

18. Man-in-the-middle

19. van-Eck Attack before encrypt

20. van-Eck attack after decrypt

21. Video Viewing for Keys

22. Video Viewing for Messages

23. Fake Keyboard

24. Trojan the Master Binaries

25. Buy a Trojan

26. Force Escrow on People

27. Limit Key Length

28. Fake a Distribution

29. Create a New Algorithm

30. Use Parallelism

31. Viral Codebreaking

32. Modify the PRNG

33. Exploit PRNG Weakness

34. Reduce Generator Randomness

35. Create Trojan Keys

36. Generate a Lot of Traffic

37. Make Lots of Keys

38. Corrupt Private Keys

39. Disrupt Session Keys

40. Replay Distributions

41. Store Now, Break Later

42. Bribes

43. Disrupt Distributions

44. A False Update

45. Take the Originating System

46. Find a Protocol Flaw

47. Trick a User

48. Trojan a Browser

49. Get the Master Certificate

50. Publish This Article

It's 4:57

Author: Fred Cohen

E-mail: fc@all.net

Best viewed with
StarOffice