[Cryptography] Underhanded Crypto
waywardgeek at gmail.com
Sun Nov 30 21:28:48 EST 2014
On Wed, Nov 26, 2014 at 12:04 PM, ianG <iang at iang.org> wrote:
> The Underhanded Crypto contest was inspired by the famous Underhanded C
> Contest, which is a contest for producing C programs that look correct, yet
> are flawed in some subtle way that makes them behave inappropriately. This
> is a great model for demonstrating how hard code review is, and how easy it
> is to slip in a backdoor even when smart people are paying attention.
>
> We’d like to do the same for cryptography. We want to see if you can
> design a cryptosystem that looks secure to experts, yet is backdoored or
> vulnerable in a subtle barely-noticeable way. Can you design an encrypted
> chat protocol that looks secure to everyone who reviews it, but in reality
> lets anyone who knows some fixed key decrypt the messages?
>
> We’re also interested in clever ways to weaken existing crypto programs.
> Can you make a change to the OpenSSL library that looks like you’re
> improving the random number generator, but actually breaks it and makes it
> produce predictable output?
>
> If either of those things sound interesting, then this is the contest for
I think this is a fantastic idea! I guess lots of details need to be
worked out, such as whether a 1-line edit to a 1-million line program is
acceptable, vs the other extreme of requiring all-new code for each entry.
Will there be an opportunity for the public to try and find the underhanded
security holes? That sounds really fun!