Snatching defeat from the jaws of victory
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Oct 16 02:46:42 EDT 2008
The DailyWTF has an entertainnig writeup on how not to use strong crypto to
protect an embedded device, in this case a Wii, at
http://thedailywtf.com/Articles/Anatomii-of-a-Hack.aspx. The
signature-verification function was particularly entertaining:
decrypt_rsa(signature, public_key, decrypted_signature);
if(strncmp(content_sha1, decrypted_signature + 236, 20) == 0)
[...]
(And before you burst out laughing, Apple did something only slightly less bad
in the iPhone).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list