Security Review Summary of NIST SHA-3 Round 1
FormOfActionBanana writes "The security firm Fortify Software has undertaken an automated code review of the NIST SHA-3 round 1 contestants' (previously Slashdotted) reference implementations. After a follow-up audit, the team is now reporting summary results. According to the blog entry, 'This just emphasizes what we already knew about C, even the most careful, security conscious developer messes up memory management.' Of particular interest, Professor Ron Rivest's (the "R" in RSA) MD6 team has already corrected a buffer overflow pointed out by the Fortify review. Bruce Schneier's Skein, also previously Slashdotted, came through defect-free."
Re:SHA-3 Is Cracked. (Score:1, Funny)
If you step into my heap one more time with your fucking malloc, I'm going to dereference your null pointer, bitch!
-Christian Bale
Who's this Bruce Shneieier guy? (Score:5, Funny)
"... because implementation is where people screw up."
"Bruce Schneier's Skein, ... came through defect-free."
So by deductive logic, Bruce is a robot. Also previously slashdotted.
Re:this is why... (Score:3, Funny)
PS: (Score:1, Funny)
The alternative was supposed to be throwing money at Fortify by the way. If your conclusion is to switch to SPARK then Fortify needs to work on their PR, *cough*, I mean blogging.