On Apr 25, 2008, at 11:09 AM, Leichter, Jerry wrote:
I remember seeing another, similar contest in which
the goal was to produce a vote-counting program that
looked completely correct, but biased the results.
The winner was amazingly good - I consider myself
pretty good at analyzing code, but even knowing that
this code had a "hook" in it, I missed it completely.
Worse, none of the code even set of my "why is it
doing *that*" detector.
I was reminded of the same contest[0]. The winning date-agnostic
entry[1] was by Michał Zalewski[2], and is nothing short of evil. I
spotted the problem after staring at the code intensely for about a
half hour, knowing in advance it was there. Had I not known, I don't
think I'd have found it.
[0] <http://graphics.stanford.edu/~danielrh/vote/vote.html>
[1] <http://graphics.stanford.edu/~danielrh/vote/mzalewski.c>
[2] <http://en.wikipedia.org/wiki/Micha%C5%82_Zalewski>
--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
