flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Linux > AUD$250,000 Crypto Challenge and HeavyThing-1.09 release

Author
Thread Post new topic Reply to topic
redsock



Joined: 09 Oct 2009
Posts: 263
Location: Australia
AUD$250,000 Crypto Challenge and HeavyThing-1.09 release
Hey all, been a hectic period of time since the initial release of my library.

We were going to release the latest crypto utility along with the initial release, but nerves got the better of us. Anyway, it is all sorted, and there is a $250K AUD reward for anyone who can undo my goods.

Moderators: If this belongs in amongst the original release thread, please advise and I will delete and move accordingly if necessary.

https://2ton.com.au/throwdown/

Cheers!
Post 27 Mar 2015, 04:54
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1171
Location: Unknown
A must for all of those interested in easy money that cannot be so easy.

I am just wondering who is going to pay such a significant prize. Or are they so confident in their work they know no one will succeed in that task!?

I'm always wondering... D:

I apologize for any inconveniences I may have caused.
Post 28 Mar 2015, 04:51
View user's profile Send private message Reply with quote
redsock



Joined: 09 Oct 2009
Posts: 263
Location: Australia
Provided I have done everything exactly right and without error, the problem/throwdown is as intractable as AES256.

That caveat of "without error" is not insignificant, and 2 Ton Digital's throwdown prize incentivizes a great deal of scrutiny into the implementation itself, and that is the point.
Post 28 Mar 2015, 22:07
View user's profile Send private message Reply with quote
Sean4CC



Joined: 15 Apr 2015
Posts: 14
It looks like it is a very useful library. It is certainly a better idea to write security sensitive code in assembler rather than c because c is the royal path to swiss cheese.
Post 16 Apr 2015, 13:58
View user's profile Send private message Reply with quote
redsock



Joined: 09 Oct 2009
Posts: 263
Location: Australia
Greetings, everyone!

Well, a bit more than 6 months later we ended the challenge. Back when we turned this loose, I wasn't really sure how many people would really have a proper look at the assembly language source for toplip, but to my surprise a lot of people seem to have done exactly that.

See https://2ton.com.au/throwdown/ for my closing commentary and keys to unlock the original challenge image contents if you are interested.

Cheers!
Edit: haha, fixed the url.
Post 30 Sep 2015, 00:42
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15152
Location: GW170817
Congrats on keeping your $250k. It seems you got quite a bit of free analysis from the challenge.

But realistically no one really breaks crypto from a single offline sample (unless it is some trivial xor, or something equally lame). A better test is in its intended real world usage with people of various levels of experience using in their systems. Things like timing/cache attacks and other non-code hardware related key recovery methods are difficult to counter with software because of the wide range, and changing nature, of hardware implementations.
Post 30 Sep 2015, 03:02
View user's profile Send private message Visit poster's website Reply with quote
redsock



Joined: 09 Oct 2009
Posts: 263
Location: Australia

revolution wrote:
Congrats on keeping your $250k. It seems you got quite a bit of free analysis from the challenge.

Thanks, was a bit puckering there to begin with.. Static third-party analysis of any assembler+crypto would have been a tall order anyway, so I am happy with how it ended up (obviously).


revolution wrote:
But realistically no one really breaks crypto from a single offline sample (unless it is some trivial xor, or something equally lame). (snip)

Not sure I entirely agree here, there are a _ton_ of static forensic analysis tools that do precisely this, and since toplip's intended use case is static offline storage, yeah... agreed that "in the wild usage" where timing et al can be a mighty useful hat trick, this one was designed specifically for the use case that it ended up being scrutinized under... Smile
Post 30 Sep 2015, 05:27
View user's profile Send private message Reply with quote
ACP



Joined: 23 Sep 2006
Posts: 197
Hi redsock
As I understood there was no single submission for your contest. However reading the description of it on your webpage I wonder if you have received some comments / input regarding possible bugs or issues concerning the library? If so would you care to share those publicly if possible. The reason I ask is that the number of people who can audit x64 assembly source code is quite limited comparing to the number of people who audit C++, PHP or Java code. Similar situation is on the static source code analysis tools front - the support for x64 assembly is quite limited. Obviously some dynamic analysis methods can be used like binary instrumentation, fuzzing etc. and since the source code is in assembly what you see under debugger is quite similar to the source (symbols in ELF executable are also available) which makes the process easier.
Post 01 Oct 2015, 10:21
View user's profile Send private message Reply with quote
redsock



Joined: 09 Oct 2009
Posts: 263
Location: Australia
Hey ACP, back in the land of being semi-social finally after a very hectic end to 2015 and start of this year.

I did receive quite a few questions regarding the library itself, but none directly on my implementation of toplip that I did the "throwdown" for.

Some of the questions related to the fact that I didn't document in detail possible timing channel avoidance methods, things like that.

All were from crypto backgrounds though and obviously they could all read my code well enough.

I think the prevalence of static analysis and dynamic analysis frontend tools (I use Hopper for Mac OS X binaries as an example) means that there are actually quite a few people with intimate knowledge of x86_64 architecture. Vulns are discovered in what seems like an endless procession using similar tools for the various popular OSs.


Also, on semi-related note, I have updated my library to v1.15 now, see: https://2ton.com.au/HeavyThing/.

Included in this release are Daniel J. Bernstein's Curve25519, Ed25519, Poly1305 routines, libsodium/NaCl's crypto_box compatibility (XSalsa20, etc), SHA3/Keccak, etc.

Hope everyone lurking around here is doing well...

Cheers!
Post 28 Jan 2016, 03:29
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.