Blog

Sorry, we’re late! Last year’s entries are coming!

We’ve taken too long to publish all of last year’s entries. We wanted to give each non-winning entry its own blog post, since they can all teach us a useful lesson, but I (Taylor) promised to write those blog posts and took far too long. Sorry everyone! Those posts are finished now and we’ll be posting one per week. Here’s the first one: AverageSecurityGuy’s Entry...

AverageSecurityGuy’s 2017 Entry: A PRNG that Zeroes its Seed

AverageSecurityGuy‘s entry to the 2017 Underhanded Crypto Contest is a pseudorandom number generator that zeroes out its own seed. The code generates two actually-random seeds for the generator and then “shuffles” them as follows, where “xor_byte_arrays” is a function that XORs two byte arrays together and returns the result in a new array: /* Shuffle the keys with...

Announcing the 2017 Winners!

We are proud to announce the winners of the 2017 Underhanded Crypto Contest! First Place: JP Smith and Will Song Second Place: Neville Longbottom The announcement was made by Adam Caudill at the DEF CON Crypto & Privacy Village on Friday, July 28th; below is the approximate text of the talk given at the event, the slides are also available. Slide 1: Hi everyone, I’m Adam Caudill, and...

2017 Winner: JP Smith and Will Song

The well-deserved winner of the 2017 Underhanded Crypto Contest is JP Smith and Will Song for a curve generator for a SIDH, a post-quantum key exchange. This curve generator appears on the surface to function properly, but in reality in certain circumstances the curve generated isn’t supersingular – this doesn’t pose a threat if the attacker is using classical computers, but...

Recent Posts

Categories