Finding a flaw in a cryptographic protocol
If you find a flaw or bug, for example in the Linux kernel, you can create an issue on GitHub, or if you can solve it, you can contribute.
How about finding a flaw in a cryptographic protocol?!
- How can you report it or flag an issue?
- If you can fix it, is it possible to contribute?
encryption
asked 5 hours ago
R1w
2 Answers
First of all, if the protocol is in use, you have to warn them before publicly announcing it. Otherwise, there can be very catastrophic results. First day attacks are very common.
Demonstrating only the flaw is half a paper; with countermeasures you will have a good paper. Of course, you have to give people time to deploy the countermeasures.
- Example: RSA Dual_EC_DRBG
- Example: Heartbleed Bug
edited 4 hours ago
answered 5 hours ago
kelalaka
Or, you try to cash in on it.
If you're any good at finding flaws, there is a lucrative (and legal) market in vulnerabilities and zero-day exploits. All of the security agencies pay to get these, presumably under some form of non-disclosure agreements/secrecy legislation. If you're really good, you should be able to sell the same exploit to multiple buyers. It depends on your contacts as to whether you are able to access this market though.
In the war on terror, it could literally be catastrophic to not exploit such flaws. Hawks would argue that it's your patriotic duty to pass such information onto the security agencies. It's to protect the children too. Or so the ideology goes. See US NOBUS policy.
answered 16 mins ago
Paul Uszak
I'm confused about how legal it is to sell a zero-day exploit, and what is the difference between selling it to those people or on the darknet?
– R1w, 3 mins ago