Ilya Levin ilevin at gmail.com
Wed Nov 26 22:04:47 EST 2014

On Thu, Nov 27, 2014 at 1:04 AM, ianG <iang at iang.org> wrote:

> http://underhandedcrypto.com/rules/
> The Underhanded Crypto contest was inspired by the famous Underhanded C
> Contest, which is a contest for producing C programs that look correct, yet
> are flawed in some subtle way that makes them behave inappropriately. This
> is a great model for demonstrating how hard code review is, and how easy it
> is to slip in a backdoor even when smart people are paying attention.
> We’d like to do the same for cryptography. We want to see if you can
> design a cryptosystem that looks secure to experts, yet is backdoored or
> vulnerable in a subtle barely-noticeable way. Can you design an encrypted
> chat protocol that looks secure to everyone who reviews it, but in reality
> lets anyone who knows some fixed key decrypt the messages?
> We’re also interested in clever ways to weaken existing crypto programs.
> Can you make a change to the OpenSSL library that looks like you’re
> improving the random number generator, but actually breaks it and makes it
> produce predictable output?
> If either of those things sound interesting, then this is the contest for
> you.

And the main prize for a winner would be nearly ruined reputation because
nobody would trust his or her design and code ever again. Giving a client
solid proof and confirmation of their huge concern about your ability to
put some fishy stuff into their system - what else would be more assuring,
right? :)

