"Designing and implementing malicious hardware"

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Sun Apr 27 03:40:50 EDT 2008

On Apr 25, 2008, at 11:09 AM, Leichter, Jerry wrote:
> 	    I remember seeing another, similar contest in which
> 	    the goal was to produce a vote-counting program that
> 	    looked completely correct, but biased the results.
> 	    The winner was amazingly good - I consider myself
> 	    pretty good at analyzing code, but even knowing that
> 	    this code had a "hook" in it, I missed it completely.
> 	    Worse, none of the code even set of my "why is it
> 	    doing *that*" detector.

I was reminded of the same contest[0]. The winning date-agnostic  
entry[1] was by Michał Zalewski[2], and is nothing short of evil. I  
spotted the problem after staring at the code intensely for about a  
half hour, knowing in advance it was there. Had I not known, I don't  
think I'd have found it.

[0] <http://graphics.stanford.edu/~danielrh/vote/vote.html>
[1] <http://graphics.stanford.edu/~danielrh/vote/mzalewski.c>
[2] <http://en.wikipedia.org/wiki/Micha%C5%82_Zalewski>

Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list