Author(s): Tibor Jager, Kenneth G. Paterson, Juraj Somorovsky

Date: 24 Apr 2013

Document Type: Presentations

Associated Event: NDSS Symposium 2013


Often a cryptographic standard offers a choice between several algorithms to perform the same cryptographic task, including secure state-of-the-art cryptosystems as well as insecure legacy cryptosystems with known vulnerabilities that are made available for backwards compatibility. Obviously, using insecure legacy cryptosystems is dangerous. However, we show the less obvious fact that even if users have the best of intentions to use only the most up-to-date, vulnerability-free version of a system, the mere existence of support for old versions can have a catastrophic effect on security.