Steve Bellovin et al:
Architecture matters a lot, and in subtle ways.
The future will be a golden age for intelligence.
Arjen K. Lenstra and James P. Hughes:
We performed a sanity check of public keys collected on the web. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security. Our conclusion is that the validity of the assumption is questionable and that generating keys in the real world for "multiple-secrets" cryptosystems such as RSA is significantly riskier than for "single-secret" ones such as ElGamal or (EC)DSA which are based on Diffie-Hellman.
Jean-Francois Raymond and Anton Stiglic:
Diffie-Hellman key agreement protocol implementations have been plagued by serious security flaws. The attacks can be very subtle and, more often than not, have not been taken into account by protocol designers.
Charles C. Mann:
Minute changes in baseline assumptions produce wildly different results.
If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.
Ron was wrong, Whit is right