[121790] in cryptography@c2.net mail archive

Re: "Designing and implementing malicious hardware"

daemon@ATHENA.MIT.EDU (Ivan Krstić)
Sun Apr 27 18:34:57 2008

Cc: Jacob Appelbaum <jacob@appelbaum.net>,
 Cryptography <cryptography@metzdowd.com>
From: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
To: "Leichter, Jerry" <leichter_jerrold@emc.com>
In-Reply-To: <Pine.SOL.4.61.0804251036380.12794@mental>
Date: Sun, 27 Apr 2008 03:40:50 -0400

On Apr 25, 2008, at 11:09 AM, Leichter, Jerry wrote:
> 	    I remember seeing another, similar contest in which
> 	    the goal was to produce a vote-counting program that
> 	    looked completely correct, but biased the results.
> 	    The winner was amazingly good - I consider myself
> 	    pretty good at analyzing code, but even knowing that
> 	    this code had a "hook" in it, I missed it completely.
> 	    Worse, none of the code even set off my "why is it
> 	    doing *that*" detector.

I was reminded of the same contest[0]. The winning date-agnostic
entry[1] was by Michał Zalewski[2], and is nothing short of evil. I
spotted the problem after staring at the code intensely for about a
half hour, knowing in advance it was there. Had I not known, I don't
think I'd have found it.

[0] <http://graphics.stanford.edu/~danielrh/vote/vote.html>
[1] <http://graphics.stanford.edu/~danielrh/vote/mzalewski.c>
[2] <http://en.wikipedia.org/wiki/Micha%C5%82_Zalewski>

--
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> | http://radian.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
