Author: Taylor Hornby

The 2018 Contest Winners

First, an apology: we’re super late posting the 2018 entries, and we’re sorry. We know some of you have been waiting to see them for a long time. We have more to say about the future of the contest, but first, let’s see the winners!

Winner: Matt Cheung – Incomplete Elliptic-Curve Parameter Validation

The winning entry comes from Matt Cheung. You can find the full submission here...

Sorry, we’re late! Last year’s entries are coming!

We’ve taken too long to publish all of last year’s entries. We wanted to give each non-winning entry its own blog post, since they can all teach us a useful lesson, but I (Taylor) promised to write those blog posts and took far too long. Sorry everyone! Those posts are finished now and we’ll be posting one per week. Here’s the first one: AverageSecurityGuy’s Entry...

Sc00bz’s 2017 Entries: Circumventing Slow Password Storage, and Targeted Backdoor Delivery

Sc00bz sent in two entries to the 2017 Underhanded Crypto Contest.

First Entry

Sc00bz’s first entry (inspired by one of Adam Caudill’s tweets) is a password storage library that appears to use bcrypt, a slow password hashing function. However, instead of generating the salt randomly, it uses a hash of the user ID and password:

// Generate salt $salt = substr(hash_hmac('sha256'...

Joseph Birr-Pixton’s 2017 Entry: Poor API Design in OpenSSL

Joseph Birr-Pixton’s entry to the 2017 Underhanded Crypto Contest is the EVP_VerifyFinal API call that actually exists in OpenSSL. This isn’t to suggest someone intentionally backdoored OpenSSL, but this API call has really poor usability, as Joseph explains:

The design of EVP_VerifyFinal

OpenSSL’s EVP_VerifyFinal function has a poor choice of return value semantics, which means...

EllaRose’s 2017 Entry: Remote Code Execution with Python’s Pickle

Ella Rose’s entry to the 2017 Underhanded Crypto Contest is an AEAD (authenticated encryption with associated data) encryption library written in Python. The crypto code itself is fine and bug-free, but the ciphertext is built using Python’s pickle format. Decoding untrusted pickles is well-known to enable remote-code-execution attacks. So, even though the logical ciphertext itself is...
