Weak Homegrown Crypto Dooms Open Smart Grid Protocol

Found on Threatpost on Friday, 08 May 2015

The paper, “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol,” explains how the authenticated encryption scheme used in the OSGP is open to numerous attacks (the paper posits a handful) that can be pulled off with minimal computational effort.

“Protocol designers should stick to known good algorithms or even the ‘NIST-approved’ short list,” Crain said. “In this instance, the researchers analyzed the OMA digest function and found weaknesses in it. The weaknesses in it can be used to determine the private key in a very small number of trials.”

When you think you are smarter than a ton of cryptologists who develop secure standards used worldwide, you should never ever write software that is going to be used in the real world.