Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Review Summary of NIST SHA-3 Round 1

Posted by timothy on from the works-in-progress dept.

FormOfActionBanana writes "The security firm Fortify Software has undertaken an automated code review of the NIST SHA-3 round 1 contestants (previously Slashdotted) reference implementations. After a followup audit, the team is now reporting summary results. According to the blog entry, 'This just emphasizes what we already knew about C, even the most careful, security conscious developer messes up memory management.' Of particular interest, Professor Ron Rivest's (the "R" in RSA) MD6 team has already corrected a buffer overflow pointed out by the Fortify review. Bruce Schneier's Skein, also previously Slashdotted, came through defect-free."

9 of 146 comments (clear)

  1. ANSI C by chill · · Score: 4, Insightful

    That is what they get for mandating the code be in ANSI C. How about allowing reference implementation in SPARK, ADA or something else using design-by-contract. After all, isn't something as critical as a international standard for a hash function the type of software d-b-c was meant for?

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:ANSI C by John+Hasler · · Score: 4, Insightful

      Presumably one of the things they want to evaluate is performance.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:ANSI C by IversenX · · Score: 4, Insightful

      Because you can't compile a mathematical definition.

      If we imagine that the hash function came only as a mathematical definition, how would your test your new implementation in LangOfTheWeek is correct?

      Well, you have 2 options. One, you can prove that your program behaves, in every important way, the same as the definition. This is long, tedious work, and most programmers don't even have the necessary skills for this. Two, you can make a reference implemention in some other language, and compare the outputs.

      Now, given, say, 100 programmers each working on their own functions, we should have 1 resulting behaviour. This will mean that everybody implemented the algorithm 100% correctly. However, the actual number will be between 1 and 100, depending on the skills of the programmers, and the care they've taken in implementing the functions.

      Now, what's the result here? (no pun intended). It's likely to be chaos.

      That's why it's very convenient to have a single reference source.

      --
      With great numbers come great responsibility!
    3. Re:ANSI C by Anonymous Coward · · Score: 5, Insightful

      What did they get? You realize this is just an ad for Fortify, right? Out of 42 projects, they found 5 with memory management issues using their tool. Maybe instead of switching to SPARK, the 5 teams that fucked up could ask the 37 that didn't for some tips on how to write correct C.

    4. Re:ANSI C by OrangeTide · · Score: 4, Insightful

      That is what they get for mandating the code be in ANSI C.

      Because most of the systems out there use C for the performance sensitive bits. (and when asm optimization is done, people generally use a C implementation as a reference since C and asm are similar in many ways).

      When they start doing Linux and Windows and other popular systems primarily in Ada you can start going WTF over people posting ANSI C code. Until Java, Ruby and Python aren't dependent on C/C++ implementations for their functionality we'll just have to suffer with C.

      --
      “Common sense is not so common.” — Voltaire
  2. The reason is in the summary... by pathological+liar · · Score: 5, Insightful

    ... because implementation is where people screw up.

  3. Reference implementation by rgmoore · · Score: 4, Informative

    In a word, no. A reference implementation is supposed to be a working version of the code, not just a mathematical description. With a working version, it's possible to do things like test its real world performance or cut and paste directly into a program that needs to use the function. That's obviously only possible if you have a version that works on real-world processors.

    Consider Skein as an example. One of the things that Bruce Schneier described as a major goal of its design is that it uses functions that are highly optimized in real-world processors. That means that it's possible to make a version that's both very fast and straightforward to program, an important criterion for low-powered embedded applications. You won't discover that kind of detail until you implement it.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  4. Who's this Bruce Shneieier guy? by Anonymous Coward · · Score: 5, Funny

    "... because implementation is where people screw up."
    "Bruce Schneier's Skein, ... came through defect-free."

    So by deductive logic, Bruce is a robot. Also previously slashdotted.

  5. In defense of C by phantomfive · · Score: 4, Insightful

    The summary is kind of a troll, since most of the submissions actually managed to get through without ANY buffer overflows.

    Buffer overflows are not hard to avoid, they are just something that must be tested. If you don't test, you are going to make a mistake, but they are easy to find with a careful test plan or an automated tool. Apparently those authors who had buffer overflows in their code didn't really check for them.

    C is just a tool, like any other, and it has tradeoffs. The fact that you are going to have to check for buffer overflows is just something you have to add to the final estimate of how long your project will take. But C gives you other advantages that make up for it. Best tool for the job, etc.

    --
    Qxe4