[Cryptography] RSA is dead.

[James A. Donald]

On 2013-12-23 08:55, Jerry Leichter wrote:
 > Have a look at some of the entries in the Obfuscated V contest (to
 > write innocent-looking code that actually cheated one of the
 > candidates).  My favorite is
 > http://graphics.stanford.edu/~danielrh/vote/mzalewski.c - just one
 > of many.
 > Come back and tell me how "capable developers" will easily find
 > malicious code hidden in simple, clean-looking C code.

The use of the macro #define VOTE_AND_CHECK(v) was obviously odd and out 
of place.

If not obvious what was hidden, it was immediately obvious that the 
writer was trying to hide something by the use of obfuscated code.

So, I do the glaringly obvious thing, and substitute the macro, de 
obfuscating the code, whereupon it is immediately obvious that the inner 
t hides the outer t, which is obscure and misleading code, notoriously 
apt to lead to errors.

So, I check for errors induced by the inner variable hiding an outer 
variable.

And, ding!  Since this is a macro, v references the inner t, not the 
outer t, so every CHECK_INTERVAL votes, a vote gets counted for bush, 
regardless of who it should be counted for.

This took me about half an hour.  Normal time for checking someone 
else's code, written to be clear, with the author sitting right beside 
me answering my questions, is one hundred lines per hour.

This was a hundred line program.  So the time it took me to find the 
error was right in line with the time it takes me to find errors in 
someone else's code when he has written the code to be as 
straightforward as possible, and he is sitting in right front of me 
honestly answering my questions about his code.