Snatching defeat from the jaws of victory

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Oct 16 02:46:42 EDT 2008


The DailyWTF has an entertainnig writeup on how not to use strong crypto to 
protect an embedded device, in this case a Wii, at 
http://thedailywtf.com/Articles/Anatomii-of-a-Hack.aspx.  The 
signature-verification function was particularly entertaining:

  decrypt_rsa(signature, public_key, decrypted_signature);
  if(strncmp(content_sha1, decrypted_signature + 236, 20) == 0)
  [...]

(And before you burst out laughing, Apple did something only slightly less bad
in the iPhone).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list