[136028] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Snatching defeat from the jaws of victory

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Oct 24 08:32:49 2008

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com
Date: Thu, 16 Oct 2008 19:46:42 +1300

The DailyWTF has an entertainnig writeup on how not to use strong crypto to 
protect an embedded device, in this case a Wii, at 
http://thedailywtf.com/Articles/Anatomii-of-a-Hack.aspx.  The 
signature-verification function was particularly entertaining:

  decrypt_rsa(signature, public_key, decrypted_signature);
  if(strncmp(content_sha1, decrypted_signature + 236, 20) == 0)
  [...]

(And before you burst out laughing, Apple did something only slightly less bad
in the iPhone).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[136028] in cryptography@c2.net mail archive

Snatching defeat from the jaws of victory

daemon@ATHENA.MIT.EDU (Peter Gutmann)Fri Oct 24 08:32:49 2008

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Oct 24 08:32:49 2008