> I seem to recall that Enigma was broken largely due to sloppy user practices > e.g. weak message key, re-use of keys, repeating same message with a weaker > scheme, etc. Used properly, Enigma would've been unbreakable at the time.
Yes, sloppy user practices helped cryptanalysis on all sides, but it isn't fair to place all the blame on user practices. Even the best Enigma machines had some serious fundamental weaknesses[0] which better user practices would not have been able to fix. Furthermore some of the user practices that aided cryptanalysis were official approved practices and should be viewed as part of the cryptosystem and not the fault of the users themselves[1]. Changing some of these user practices would also have hurt effective communication (an inherent trade off between mission assurance and information assurance). It is remarked that user error helped defeat enigma, but these errors often included things like allowing the allies to capture enigma machines or manuals. I think you are on to something with looking at Enigma as a case study to tease apart different failure modes. I would be very interested to see a list of all enigma cryptanalytic successes sorted by: 1. failure to follow approved practices, 2. poorly designed approved practices, 3. cryptographic weaknesses. [0]: http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma#Security_properties [1]: http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma#Operating_shortcomings On Sat, Mar 7, 2015 at 12:01 PM, Dave Horsfall <d...@horsfall.org> wrote: > On Sat, 7 Mar 2015, Kevin wrote: > >> > No 1 vulnerability of crypto is the user >> > 2nd passphrases >> > 3rd overconfidence >> > 4th trust in the producer >> > 5th believing backdoors are No. 1 >> >> I don't agree that the user should be first on that list unless you are >> talking about poor implementation. > > How would you arrange them, then? I seem to recall that Enigma was broken > largely due to sloppy user practices e.g. weak message key, re-use of > keys, repeating same message with a weaker scheme, etc. Used properly, > Enigma would've been unbreakable at the time. > > -- > Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." > http://www.horsfall.org/spam.html (and check the home page whilst you're > there) > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography