Talk:Cryptanalysis/Draft

I am thinking of a re-organisation here, along the lines:

• Attacks on the system
  • Practical cryptanalysis
  • Traffic analysis
  • Side channel attacks
  • Bypassing authentication
  • Guessing secrets
    • Dictionary attacks on passwords
    • Random number weaknesses
    • Small keys
• Attacks on the ciphers

Then the topics we currently have under "Mathematical cryptanalysis".

Things like man-in-the-middle would then turn up in two places, first under "Bypassing authentication" because if you can do that then you don't have to break the actual encryption, and second under "Attacks on the ciphers" for details of attacks on different authentication mechanisms since those details are much the same as other attacks on RSA, block ciphers or whatever. Sandy Harris 01:51, 17 October 2008 (UTC)

Should social engineering be under guessing, or its own category? For that matter, where does one put the people who write their keys on their desk calendar?

Side channel, I assume. covers TEMPEST/HIJACK/TEAPOT/NONSTOP, timing analysis on plaintext, acoustic cryptanalysis, Operation RAFTER (specific case of getting the received text off the intermediate frequency)

Could you define "attacks on the ciphers"?

I think this is going somewhere interesting, but not sure where it is yet.

If you would, see if we can agree on some of the more specific (e.g.,) authentication attacks in communications security. I am also open to a better name for that article. Howard C. Berkowitz 05:51, 17 October 2008 (UTC)