Schneier on Security: Tagged contests

Entries Tagged "contests"

Page 3 of 7

Keccak is SHA-3

NIST has just announced that Keccak has been selected as SHA-3.

It’s a fine choice. I’m glad that SHA-3 is nothing like the SHA-2 family; something completely different is good.

Congratulations to the Keccak team. Congratulations—and thank you—to NIST for running a very professional, interesting, and enjoyable competition. The process has increased our understanding about the cryptanalysis of hash functions by a lot.

I know I just said that NIST should choose “no award,” mostly because too many options makes for a bad standard. I never thought they would listen to me, and—indeed—only made that suggestion after I knew it was too late to stop the choice. Keccak is a fine hash function; I have absolutely no reservations about its security. (Or the security of any of the four SHA-2 function, for that matter.) I have to think more before I make specific recommendations for specific applications.

Again: great job, NIST. Let’s do a really fast stream cipher next.

Posted on October 2, 2012 at 4:50 PM • View Comments

A Real Movie-Plot Threat Contest

The “Australia’s Security Nightmares: The National Security Short Story Competition” is part of Safeguarding Australia 2012.

To aid the national security community in imagining contemporary threats, the Australian Security Research Centre (ASRC) is organising Australia’s Security Nightmares: The National Security Short Story Competition. The competition aims to produce a set of short stories that will contribute to a better conception of possible future threats and help defence, intelligence services, emergency managers, health agencies and other public, private and non-government organisations to be better prepared. The ASRC competition also aims to raise community awareness of national security challenges, and lead to better individual and community resilience.

New, unpublished writers are encouraged to enter the competition.

The first prize is $1000, with the second prize being $500 and third prize being $300.

[…]

Entrants need to write a short story with a security scenario as the story plot line or as the essential backdrop. An Australia context to the story is required, and the story needs to be set between today and 2020. While the story is to be fictional, it needs to be grounded in a plausible, coherent and detailed security situation. Rather than just describing on an avalanche of frightening events, writers are encouraged to focus on the consequences and challenges posed by their scenarios, and tease out what the official and public responses would be. Such stories provide more useful insights for those planning to face security threats.

People who have entered my movie–plot contests should take note; that’s real prize money. I’m working on my own submission: it involves al Qaeda, a comet hitting the earth, zombies, and feral pigs.

(And while we’re on the topic, here’s a video of the 100 greatest movie threats. Not movie-plot threats—threats from actual movies.)

Posted on September 12, 2012 at 6:23 AM • View Comments

GCHQ Hacking Contest

GCHQ is holding a hacking contest to drum up new recruits.

EDITED TO ADD (12/6): The contest has been cracked, but only because the administrators didn’t hide the solution page from search-engine spiders.

Posted on December 5, 2011 at 12:21 PM • View Comments

Mobile Phone Privacy App Contest

Entries due by the end of the month.

Posted on May 17, 2011 at 1:35 PM • View Comments

NIST SHA-3 News

NIST has finally published its rationale for selecting the five finalists.

Posted on March 2, 2011 at 7:53 AM • View Comments

NIST Announces SHA-3 Finalists (Skein is One of Them)

Yesterday, NIST announced the five hash functions to advance to the third (and final) round in the SHA-3 selection process: BLAKE, Grøstl, JH, Keccak, and Skein. Not really a surprise; my predictions—which I did not publish—listed ECHO instead of JH, but correctly identified the other four. (Most of the predictions I saw guessed BLAKE, Grøstl, Keccak, and Skein, but differed on the fifth.)

NIST will publish a report that explains its rationale for selecting the five it did.

Next is the Third SHA-3 Candidate Conference, which will probably be held in March 2012 in Washington, DC, in conjunction with FSE 2012. NIST will then pick a single algorithm to become SHA-3.

More information about Skein and the SHA-3 selection process, including lots of links, is here. Version 1.3 of the Skein paper, which discusses the new constant to defeat the Khovratovich-Nikolié-Rechberger attack, is here (description of the tweak here). And there’s this new analysis of Skein.

And if you ordered a Skein polo shirt in September, they’ve been shipped.

Posted on December 10, 2010 at 12:04 PM • View Comments

Hacking Trial Breaks D.C. Internet Voting System

Sounds like it was easy:

Last week, the D.C. Board of Elections and Ethics opened a new Internet-based voting system for a weeklong test period, inviting computer experts from all corners to prod its vulnerabilities in the spirit of “give it your best shot.” Well, the hackers gave it their best shot—and midday Friday, the trial period was suspended, with the board citing “usability issues brought to our attention.”

[…]

Stenbjorn said a Michigan professor whom the board has been working with on the project had “unleashed his students” during the test period, and one succeeded in infiltrating the system.

My primary worry about contests like this is that people will think a positive result means something. If a bunch of students can break into a system after a couple of weeks of attempts, we know it’s insecure. But just because a system withstands a test like this doesn’t mean it’s secure. We don’t know who tried. We don’t know what they tried. We don’t know how long they tried. And we don’t know if someone who tries smarter, harder, and longer could break the system.

High School Teacher Assigns Movie-Plot Threat Contest Problem

In Australia:

A high school teacher who assigned her class to plan a terrorist attack that would kill as many innocent people as possible had no intent to promote terrorism, the school principal said yesterday.

The Year-10 students at Kalgoorlie-Boulder Community High School were asked to pretend they were terrorists making a political statement by releasing a chemical or biological agent on “an unsuspecting Australian community”.

The task included choosing the best time to attack and explaining their choice of victims and what effects the attack would have on a human body.

“Your goal is to kill the MOST innocent civilians,” the assignment read.

Principal Terry Martino said he withdrew the assignment for the class on contemporary conflict and terrorism as soon as he heard of it. He said the teacher was “relatively inexperienced” and it was a “well-intentioned but misguided attempt to engage the students”.

Sounds like me:

It is in this spirit I announce the (possibly First) Movie-Plot Threat Contest. Entrants are invited to submit the most unlikely, yet still plausible, terrorist attack scenarios they can come up with.

Your goal: cause terror. Make the American people notice. Inflict lasting damage on the U.S. economy. Change the political landscape, or the culture. The more grandiose the goal, the better.

Assume an attacker profile on the order of 9/11: 20 to 30 unskilled people, and about $500,000 with which to buy skills, equipment, etc.

For the record, 1) I have no interest in promoting terrorism—I’m not even sure how I could promote terrorism without actually engaging in terrorism, 2) I’m pretty experienced, and 3) my movie-plot threat contests are not misguided. You can’t understand security defense without also understanding attack.

Australian police are claiming the assignment was illegal, so Australians who enter my movie-plot threat contests should think twice. Also anyone writing a thriller novel about terrorism, perhaps.

An AFP spokeswoman said it was an offence to collect or make documents preparing for or assisting a terrorist attack.

It was also illegal to be “reckless as to whether these documents may assist or prepare for a terrorist attack”.

Posted on August 31, 2010 at 6:42 AM • View Comments

Fifth Annual Movie-Plot Threat Contest Winner

On April 1, I announced the Fifth Annual Movie Plot Threat Contest:

Your task, ye Weavers of Tales, is to create a fable of fairytale suitable for instilling the appropriate level of fear in children so they grow up appreciating all the lords do to protect them.

On May 15, I announced the five semi-finalists. Voting continued through the end of the month, and the winner (improved by the author, with help from blog comments) is:

The Gashlycrumb Terrors, by Laura

A is for anthrax, so deadly and white.
B is for burglars who break in at night.
C is for cars that, with minds of their own,
accelerate suddenly in a school zone.
D is for dynamite lit with a fuse.
E is for everything we have to lose.
F is for foreigners, different and strange.
G is for gangs and the crimes they arrange.
H is for hand lotion, more than three ounces;
pray some brave agent sees it and pounces.
I is for ingenious criminal plans.
J is for jury-rigged pipe-bombs in vans.
K is for kids who would recklessly play
in playgrounds and parks with their friends every day.
L is for lead in our toys and our food.
M is for Mom’s cavalier attitude.
N is for neighbors—you never can tell:
is that a book club or terrorist cell?
O is for ostrich, with head in the sand.
P is for plots to blow up Disneyland.
Q is for those who would question authorities.
R is for radical sects and minorities.
S is for Satanists, who have been seen
giving kids razor blades on Halloween.
T is for terrorists, by definition.
U is for uncensored acts of sedition.
V is for vigilance, our leaders’ tool,
keeping us safe, both at home and at school.
W is for warnings with colors and levels.
X is for x-raying bags at all revels.
Y is for *you*, my dear daughter or son
Z is for Zero! No tolerance! None!

Laura, contact me with your address so I can send you your prize. Anyone interesting in illustrating this, preferably in Edward Gorey’s style, should e-mail me first.

History: The First Movie-Plot Threat Contest rules and winner. The Second Movie-Plot Threat Contest rules, semifinalists, and winner. The Third Movie-Plot Threat Contest rules, semifinalists, and winner. The Fourth Movie-Plot Threat Contest rules and winner.

Posted on June 15, 2010 at 6:02 AM • View Comments

Fifth Annual Movie-Plot Threat Contest Semi-Finalists

On April 1, I announced the Fifth Annual Movie Plot Threat Contest:

Your task, ye Weavers of Tales, is to create a fable of fairytale suitable for instilling the appropriate level of fear in children so they grow up appreciating all the lords do to protect them.

Submissions are in, and here are the semifinalists.

Untitled story about polar bears, by Mike Ferguson.
“The Gashlycrumb Terrors,” by Laura.
Untitled Little Red Riding Hood parody, by Isti.
“The Boy who Didn’t Cry Wolf,” by yt.
Untitled story about exploding imps, by Mister JTA.

Cast your vote by number; voting closes at the end of the month.

Posted on May 14, 2010 at 6:51 AM •

←Previous 1 2 3 4 5 … 7 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.