Security Review Summary of NIST SHA-3 Round 1

Posted by timothy on Sunday February 22, 2009 @07:15AM from the works-in-progress dept.

FormOfActionBanana writes "The security firm Fortify Software has undertaken an automated code review of the NIST SHA-3 round 1 contestants (previously Slashdotted) reference implementations. After a followup audit, the team is now reporting summary results. According to the blog entry, 'This just emphasizes what we already knew about C, even the most careful, security conscious developer messes up memory management.' Of particular interest, Professor Ron Rivest's (the "R" in RSA) MD6 team has already corrected a buffer overflow pointed out by the Fortify review. Bruce Schneier's Skein, also previously Slashdotted, came through defect-free."

2 of 146 comments (clear)

Min score:

Reason:

Sort:

Who's this Bruce Shneieier guy? by Anonymous Coward · 2009-02-22 07:50 · Score: 5, Funny

"... because implementation is where people screw up."
"Bruce Schneier's Skein, ... came through defect-free."
So by deductive logic, Bruce is a robot. Also previously slashdotted.
Re:this is why... by SoapBox17 · 2009-02-22 07:52 · Score: 2, Funny

Yes, I can't wait for managed Linux to come out. That sounds like a great idea....