Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Review Summary of NIST SHA-3 Round 1

Posted by timothy on Sunday February 22, 2009 @07:15AM from the works-in-progress dept.

FormOfActionBanana writes "The security firm Fortify Software has undertaken an automated code review of the NIST SHA-3 round 1 contestants (previously Slashdotted) reference implementations. After a followup audit, the team is now reporting summary results. According to the blog entry, 'This just emphasizes what we already knew about C, even the most careful, security conscious developer messes up memory management.' Of particular interest, Professor Ron Rivest's (the "R" in RSA) MD6 team has already corrected a buffer overflow pointed out by the Fortify review. Bruce Schneier's Skein, also previously Slashdotted, came through defect-free."

4 of 146 comments (clear)

Min score:

Reason:

Sort:

Re:SHA-3 Is Cracked. by Anonymous Coward · 2009-02-22 07:26 · Score: 1, Funny

If you step into my heap one more time with your fucking malloc, I'm going to derefernce your null pointer bitch!
-Christian Bale
Who's this Bruce Shneieier guy? by Anonymous Coward · 2009-02-22 07:50 · Score: 5, Funny

"... because implementation is where people screw up."
"Bruce Schneier's Skein, ... came through defect-free."
So by deductive logic, Bruce is a robot. Also previously slashdotted.
Re:this is why... by SoapBox17 · 2009-02-22 07:52 · Score: 2, Funny

Yes, I can't wait for managed Linux to come out. That sounds like a great idea....
PS: by Anonymous Coward · 2009-02-22 08:23 · Score: 1, Funny

The alternative was supposed to be throwing money at Fortify by the way. If your conclusion is to switch to SPARK then Fortify needs to work on their PR, *cough*, I mean blogging.