Sometimes there is some trivial way around doing something really, really hard:

26th Chaos Communication Congress
Here be dragons
Exposing Crypto Bugs through reverse engineering

Breaking good crypto is hard. It takes a genius to find a flaw in AES or Blowfish. On the other hand, it is also difficult to program cryptography correctly. Thus the simpler way of breaking a cryptographic software is often to reverse engineer it and find the crypto errors that were made by the programmers.

In this talk the simple errors will be demonstrated that were discovered when reverse engineering three products for evaluation or forensic purposes. In each case, a simple error gave access to information that was supposed to be protected by the best crypto algorithms.

The demos will be the following:

  • the FIPS 142-3 level 2 certified MXI stealth USB key (before it got patched)
  • a version of the E-capsule private safe from EISST
  • Data Beckers now defunct Private Safe software

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s