Announcing the 2015 Crypto & Privacy Village Challenges

We are pleased to announce the details for the for the 2015 Crypto & Privacy Village Challenges!

In cooperation with the DEF CON Crypto & Privacy Village, we are running two special challenges, with the winners to be announced on Saturday, August 8th. The challenges are are in two categories: backdooring existing software, and designing something from scratch.

Each category will be judged independently:

  1. GPG Key Leaking: Patch the GPG source code, to leak the user’s private key in a subtle way. The leak should be performed in such a way that the average user would not notice it. Annotated samples must be included to demonstrate the technique and its effectiveness.
  2. Password Hashing Backdoor: Design and optionally implement a password hashing system or password-based authentication protocol that, when a secret value is supplied, will allow an attacker to authenticate to any account. The system should appear secure under a typical peer review. Bonus points for a working implementation. The design should be documented in a plain text ASCII file, or PDF file.
    The secret value may depend on the account, and it is acceptable if the attacker must first steal the stored hashes in order to learn it. The more your entry assumes about the attacker’s capabilities, the less highly it will rank, unless those assumptions make the backdoor harder to detect. You may also give the attacker capabilities as part of your submission, e.g. by including a side-channel vulnerability that lets them leak the stored hash, instead of just assuming they have stolen the hash database.

Special thanks to the Crypto & Privacy Village team for helping to make this a reality. We greatly appreciate all those that support and participate in this contest.

For more information, please see the rules.

Welcome Tony!

The Underhanded Crypto Contest is pleased to announce that Tony Arcieri has joined the team as a contest organizer!

Tony joins Taylor Hornby and myself (Adam Caudill) in coordinating all that is involved in making this project a success as we expand. We have some big plans for the future, some of which we will be announcing at the DEFCON Crypto & Privacy Village on August 7th.

On Monday, we will announce plans for special Crypto & Privacy Village challenges, with the winners announced on August 8th. By the end of August, we will officially announce the 2016 Underhanded Crypto Contest – it will be bigger and better than ever!

As always, thanks to all of the sponsors, judges, participants and supports that have made this project a success.