Chapter 6
Cryptographic Foibles
Many times I've heard statements like, "We're secure; we use cryptography." The saying in cryptographic circles is, "If you think crypto can solve the problem, you probably don't understand the problem." In this chapter, I'll focus on some of the common mistakes people make when using cryptography, including using poor random numbers, using passwords to derive cryptographic keys, managing keys poorly, and rolling their own cryptographic functions. I'll also look at using the same stream-cipher encryption key, bit-flipping attacks against stream ciphers, and reusing a buffer for plaintext and ciphertext. Let's get started with a topic of great interest to me: random numbers.