On August 15th of last year I asked if anybody would be interested in a contest for the best, most evil underhanded crypto techniques — the response was clear, and less than a month later I announced the creation of the contest.
Before I go any further, the contest simply wouldn’t have been possible without the huge effort by Taylor Hornby to help organize, coordinate and communicate. I couldn’t have asked for a better co-organizer for this event.
Just over six months after the announcement, yesterday we finally announced the winners (only two months later than planned).
The winners, and really all of those that entered, put an amazing amount of effort into it. The entries were fantastic, and quite honestly a few people found them a bit scary – simple, subtle, effective. This is exactly what we wanted though.
The goal of the contest, and the driving reason that we required the submissions be under an open license, was to provide researchers, developers, and reviewers with better insight into how these flaws can be introduced — and hopefully how to detect them.
Based on the comments we’ve received on the winners, I think this will certainly show how subtle these attacks can be. It’s our hope that this turns into a valuable training resource for the community, and will lead to fewer backdoors — intentional or otherwise.
We are discussing plans for the next Underhanded Crypto Contest now, and we’ll be announcing something soon.
or, These aren’t the droids apps you are looking for…
The Chinese government has passed new anti-terror legislation, drafts of which have been criticized for months due to broad language, and the massive privacy concerns. This legislation is a critical move in the global Crypto War – effectively giving the Chinese what the FBI has been seeking for well over a decade: a CALEA-style law, that mandates providers be able to supply law enforcement with decrypted data.
Today I was walking around, exploring the local downtown area, and I noticed a door. Or more accurately, what used to be a door, and the symbolism was too perfect to ignore. It’s a door to nowhere.
A door once stood here, carefully built, thoughtfully placed, well crafted. Long ago someone decided that they didn’t want the door to exist anymore — so they filled it in. They made an attempt at reversing the decisions of the past to suit their desire at the moment — but they couldn’t.
Yesterday, President Obama spoke at SXSW on topics including the oft-discussed fight between Apple and the FBI – what he called for, while more thoughtful than some of the other comments that we have been hearing from Washington, was still tragically misinformed. He repeated the call for a compromise, and by compromise, he meant backdoors.
Here, I feel I must paraphrase one of my favorite authors to properly express the magnitude of what’s being discussed here:
Yesterday James B. Comey, the Director of the FBI continued the propaganda campaign against encryption with a fresh batch of lies and misdirection. The FBI has been pushing to add backdoors to cryptosystems around the world – no matter how many people they put at risk in the process. Starting in the 1990’s, the FBI has been at the forefront of trying to make their job easier by endangering the world.
…or “Crypto Is Hard, Vol. 479”
Earlier today a tweet about a new feature for oclHashcat-plus started a truly interesting debate on Twitter over the implications. The new feature is the ability to crack 1Password keychain files – at an impressive 3 million passwords per second.
Support added to crack 1Password to oclHashcat-plus, 100% computed on GPU! Plus I found an exploitable design flaw http://t.co/53ZtWggsDz — hashcat (@hashcat) April 16, 2013 To achieve this speed, two optimizations were used – the first is in precomputing ipad and opad for SHA1-HMAC, this effectively cuts the number of SHA1 calls in half.
