Fascinating, accessible guide to cryptographic attacks, from brute-force to POODLE and beyond

Ben Herzog's Cryptographic Attacks: A Guide for the Perplexed from Check Point Research is one of the clearest, most useful guides to how cryptography fails that I've ever read.

While popular media likes to depict crypto as falling prey to brute-force attacks -- which offer narratively convenient countdown timers as the digital tumblers roll into place -- the actual attacks on crypto are way more interesting (and plausible) than making a lot of guesses very fast.

Herzog lays out how these attacks work, from frequency analysis to precomputation attacks to interpolation attacks to downgrade attacks to oracle attacks, and then gives specific examples of high-profile, real world defects in cryptosystems, including CRIME, POODLE and DROWN.

Understanding how crypto goes wrong -- the complex interplay of history, human error, foolishness, and unanticipated interactions -- is key to understanding computer security. This is an invaluable guide, and Herzog promises as sequel: "In the next blog post of this series, well talk about advanced attacks such as meet-in-the-middle, differential cryptanalysis, and the birthday attack. Well take a short foray into the land of side-channel attacks, and then well finally delve into the exquisite realm of attacks on public-key cryptography."

You might wonder who in their right mind would design a real-world system analogous to a secure, unless you come in sideways system, or a secure, unless you insist otherwise system, as described above. But much like the fictional bank would rather take the risk and retain its crypto-averse customers, systems in general often bow to requirements that are indifferent, or even overtly hostile, to security needs.