Keys in cryptographic systems are managed by imperfect
management systems that are attacked in order to gain access to keying
materials. Examples include attacks based on inadequate randomness in key
generation techniques, exploitation of selected plaintext attacks against
inadequately implemented automated encryption systems, and breaking into
computers housing keying materials.
Complexity: Many key management attacks
require a substantial amount of computing power, but this is normally on the
order of only a few million computations to break a key that could not be
broken exhaustively under any feasible scheme. The complexity of these
attacks tends to be specific to the particular key management system. In
many cases, the weakest link is the computer housing the keys and this is
often attacked in a relatively small amount of time through other
techniques.
fc@red.a.net