On Thu, Nov 27, 2014 at 1:04 AM, ianG <i...@iang.org> wrote: > http://underhandedcrypto.com/rules/ > > The Underhanded Crypto contest was inspired by the famous Underhanded C > Contest, which is a contest for producing C programs that look correct, yet > are flawed in some subtle way that makes them behave inappropriately. This > is a great model for demonstrating how hard code review is, and how easy it > is to slip in a backdoor even when smart people are paying attention. > > We’d like to do the same for cryptography. We want to see if you can > design a cryptosystem that looks secure to experts, yet is backdoored or > vulnerable in a subtle barely-noticable way. Can you design an encrypted > chat protocol that looks secure to everyone who reviews it, but in reality > lets anyone who knows some fixed key decrypt the messages? > > We’re also interested in clever ways to weaken existing crypto programs. > Can you make a change to the OpenSSL library that looks like you’re > improving the random number generator, but actually breaks it and makes it > produce predictable output? > > If either of those things sound interesting, then this is the contest for > you. >
And the main prize for a winner would be nearly ruined reputation because nobody would trust his or her design and code ever again. Giving a client solid proof and confirmation of their huge concern about your ability to put some fishy stuff into their system - what else would be more assuring, right? :) Ilya.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography