Finding flaw in cryptographic protocol

If you find a flaw or bug, for example in the Linux kernel, you can create an issue on GitHub, or if you can solve it you can contribute.

How about finding a flaw in a cryptographic protocol?!

  • How can you report it or flag an issue?

  • If you can fix it, is it possible to contribute?

asked 5 hours ago by R1w

2 Answers

First of all, if the protocol is in use, you have to warn them before publicly announcing it. Otherwise, there can be very catastrophic results. First day attacks are very common.

Demonstrating only the flaw is half a paper; with countermeasures you will have a good paper. Of course, you have to give people time to deploy the countermeasures.

1. Example: RSA Dual_EC_DRBG.

2. Example: Heartbleed Bug

answered 5 hours ago by kelalaka (edited 4 hours ago)

Or, you try to cash in on it.

If you're any good at finding flaws, there is a lucrative (and legal) market in vulnerabilities and zero-day exploits. All of the security agencies pay to get these, presumably under some form of non-disclosure agreements/secrecy legislation. If you're really good, you should be able to sell the same exploit to multiple buyers. It depends on your contacts as to whether you are able to access this market though.

In the war on terror, it could literally be catastrophic to not exploit such flaws. Hawks would argue that it's your patriotic duty to pass such information on to the security agencies. It's to protect the children too. Or so the ideology goes. See US NOBUS policy.

answered 16 mins ago by Paul Uszak

  • I'm confused: how legal is it to sell a zero-day exploit, and what is the difference between selling it to those people or on the darknet?
    – R1w
    3 mins ago