"Designing and implementing malicious hardware"
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Sun Apr 27 03:40:50 EDT 2008
On Apr 25, 2008, at 11:09 AM, Leichter, Jerry wrote:
> I remember seeing another, similar contest in which
> the goal was to produce a vote-counting program that
> looked completely correct, but biased the results.
> The winner was amazingly good - I consider myself
> pretty good at analyzing code, but even knowing that
> this code had a "hook" in it, I missed it completely.
> Worse, none of the code even set of my "why is it
> doing *that*" detector.
I was reminded of the same contest[0]. The winning date-agnostic
entry[1] was by Michał Zalewski[2], and is nothing short of evil. I
spotted the problem after staring at the code intensely for about a
half hour, knowing in advance it was there. Had I not known, I don't
think I'd have found it.
[0] <http://graphics.stanford.edu/~danielrh/vote/vote.html>
[1] <http://graphics.stanford.edu/~danielrh/vote/mzalewski.c>
[2] <http://en.wikipedia.org/wiki/Micha%C5%82_Zalewski>
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list