ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Competitors for the next hash standard found to have security-related coding flaws

By | February 23, 2009, 1:31pm PST

As further proof that no one is immune to making mistakes, two of the algorithms competing to be the next hash standard were found to contain buffer overflows.

The government board in charge of nominating standard cryptographic algorithms, NIST, has been holding a competition to choose the next standard hash scheme. When the corpus of reference implementations were examined with Fortify’s code analysis tool, it was found that two of the submissions had buffer overflow errors.

These problems don’t affect the cryptographic correctness of the algorithm, and the relatively small size of the algorithms mean they would have likely been found in short order as the process progressed. Nevertheless, this should serve as further proof that everyone, even security people, makes security mistakes.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Algorithm, Flaw, Buffer-overflow, Engineering, Security, Viruses And Worms, Adam O'Donnell

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000.

Disclosure

Adam O'Donnell

Adam J. O’Donnell currently works for Cloudmark, a messaging security company whose clients include the majority of the Tier 1 customer-facing service providers as well as mobile carriers and social networks. He serves on the advisory committee for the SOURCE Security Conference, as well as several conference technical program committees. Many of his close friends work in the security industry, and he will disclose those relationships as he deems it necessary.

Biography

Adam O'Donnell

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco.

Adam early on mastered the art of writing in complete sentences, using both hands and one foot. Later, he learned to do so with each individually. After fourteen years of apprenticeship in the mist-covered hills of central Nepal, Dr. O'Donnell emerged an unparalleled digital warrior and in desperate need of a anti-fungal wash.

Approaching both life and enterprise security with the verve of a particular capuchin, he is respected the world over as an observer of all he sees. Adam's dry blade of analysis will sever the hard candy shell surrounding most technical security concepts, and significantly goo-ify the remaining so as to be consumable in small bites with sufficiently large servings of digestive aids. Just what the doctor ordered.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
1
Comments
Add Your Opinion

Join the conversation!

0 Votes
+ -
RE: Competitors for the next hash standard found to have security-related coding flaws
birumut Updated - 4th May 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix