Entries Tagged "contests"

Page 4 of 7

DHS Cybersecurity Awareness Campaign Challenge

This is a little hokey, but better them than the NSA:

The National Cybersecurity Awareness Campaign Challenge Competition is designed to solicit ideas from industry and individuals alike on how best we can clearly and comprehensively discuss cybersecurity with the American public.

Key areas that should be factored into the competition are the following:

  • Teamwork
  • Ability to quantify the distribution method
  • Ability to quantify the receipt of message
  • Solution may under no circumstance create spam
  • Use of Web 2.0 Technology
  • Feedback mechanism
  • List building
  • Privacy protection
  • Repeatability
  • Transparency
  • Message

It should engage the Private Sector and Industry leaders to develop their own campaign strategy and metrics to track how to get a unified cyber security message out to the American public.

Deadline is end of April, if you want to submit something. “Winners of the Challenge will be invited to an event in Washington D.C. in late May or early June.” I wonder what kind of event.

Posted on April 2, 2010 at 6:14 AMView Comments

Fifth Annual Movie-Plot Threat Contest

Once upon a time, men and women throughout the land lived in fear. This caused them to do foolish things that made them feel better temporarily, but didn’t make them any safer. Gradually, some people became less fearful, and less tolerant of the foolish things they were told to submit to. The lords who ruled the land tried to revive the fear, but with less and less success. Sensible men and women from all over the land were peering behind the curtain, and seeing that the emperor had no clothes.

Thus it came to pass that the lords decided to appeal to the children. If the children could be made more fearful, then their fathers and mothers might also become more fearful, and the lords would remain lords, and all would be right with the order of things. The children would grow up in fear, and thus become accustomed to doing what the lords said, further allowing the lords to remain lords. But to do this, the lords realized they needed Frightful Fables and Fear-Mongering Fairytales to tell the children at bedtime.

Your task, ye Weavers of Tales, is to create a fable or fairytale suitable for instilling the appropriate level of fear in children so they grow up appreciating all the lords do to protect them.

That’s this year’s contest. Make your submissions short and sweet: 400 words or less. Imagine that someone will be illustrating this story for young children. Submit your entry in comments; deadline is May 1. I’ll choose several semifinalists, and then you all will vote for the winner. The prize is a signed copy of my latest book, Cryptography Engineering. And if anyone seriously wants to illustrate this, please contact me directly—or just go for it and post a link.

Thank you to loyal reader—and frequent reader of my draft essays—”grenouille,” who suggested this year’s contest.

And good luck!

The First Movie-Plot Threat Contest rules and winner. The Second Movie-Plot Threat Contest rules, semifinalists, and winner. The Third Movie-Plot Threat Contest rules, semifinalists, and winner. The Fourth Movie-Plot Threat Contest rules and winner.

EDITED TO ADD (4/1): I’m looking for entries in the form of a fairytale or fable. Plot summaries and descriptions won’t count as entries, although you are welcome to post them and comment on them—and use them if others post them.

EDITED TO ADD (5/15): Voting is now open here.

Posted on April 1, 2010 at 6:24 AMView Comments

TSA Logo Contest Winner

In January I announced a contest to redesign the TSA logo. Last week I announced the five finalists—chosen by Patrick Smith from "Ask the Pilot" and myself—and asked you all to vote on the winner.

Four hundred and seven votes later, we have a tie. No really; we have a tie. Rhys Gibson and “I love to fly and it shows” have 135 votes each. (It’s still a tie at 141 votes each if I give half credit for all split votes.) Both are well ahead of the third place winner, with 81 votes. There were a few ambiguous comments that could possibly break the tie, but rather than scrutinize the hanging chad any more closely, I’m going to appeal to the judges to cast the deciding votes.

Although both logos are excellent, both Patrick Smith and I vote for Rhys Gibson.

U.S. Department of Security Theatre logo

Congratulations. Send me your physical address and we’ll get you your prizes.

Posted on February 22, 2010 at 2:00 PMView Comments

TSA Logo Contest Finalists

Last month I announced a contest to redesign the TSA logo. Here are the finalists. Clicking on them will bring up a larger, and easier to read, version.

photo
Travis McHale
photo
Will Imholte
photo
Rhys Gibson
photo
Kurushio
photo
I love to fly and it shows


Vote in the comments. The winner will receive a copy of our most recent books, a fake boarding pass on any flight for any date, and an empty 12-ounce bottle labeled “saline” that you can refill and get through any TSA security checkpoint.

Voting will close at noon PST on Sunday, February 21.

EDITED TO ADD (2/22): Winner here.

Posted on February 14, 2010 at 3:28 PMView Comments

New Attack on Threefish

At FSE 2010 this week, Dmitry Khovratovich and Ivica Nikolic presented a paper where they cryptanalyze ARX algorithms (algorithms that use only addition, rotation, and exclusive-OR operations): “Rotational Cryptanalysis of ARX.” In the paper, they demonstrate their attack against Threefish. Their attack breaks 39 (out of 72) rounds of Threefish-256 with a complexity of 2252.4, 42 (out of 72) rounds of Threefish-512 with a complexity of 2507, and 43.5 (out of 80) rounds of Threefish-1024 with a complexity of 21014.5. (Yes, that’s over 21000. Don’t laugh; it really is a valid attack, even though it—or any of these others—will never be practical.)

This is excellent work, and represents the best attacks against Threefish to date. (I suspect that the attacks can be extended a few more rounds with some clever cryptanalytic tricks, but no further.) The security of full Threefish isn’t at risk, of course; there’s still plenty of security margin.

We have always stood by the security of Threefish with any set of non-obviously-bad constants. Still, a trivial modification—changing a single constant in the key schedule—dramatically reduces the number of rounds through which this attack can penetrate. If NIST allows another round of tweaks to the SHA-3 candidate algorithms, we will almost certainly take the opportunity to improve Skein’s security; we’ll change this constant to a value that removes the rotational symmetries that this technique exploits. If they don’t, we’re still confident of the security of Threefish and Skein.

And we’re always pleased to see more cryptanalysis against Threefish and Skein.

Posted on February 7, 2010 at 8:06 AMView Comments

768-bit Number Factored

News:

On December 12, 2009, we factored the 768-bit, 232-digit number RSA-768 by the number field sieve. The number RSA-768 was taken from the now obsolete RSA Challenge list as a representative 768-bit RSA modulus. This result is a record for factoring general integers. Factoring a 1024-bit RSA modulus would be about a thousand times harder, and a 768-bit RSA modulus is several thousands times harder to factor than a 512-bit one. Because the first factorization of a 512-bit RSA modulus was reported only a decade ago it is not unreasonable to expect that 1024-bit RSA moduli can be factored well within the next decade by an academic effort such as ours…. Thus, it would be prudent to phase out usage of 1024-bit RSA within the next three to four years.

[…]

Our computation required more than 1020 operations. With the equivalent of almost 2000 years of computing on a single core 2.2GHz AMD Opteron, on the order of 267 instructions were carried out. The overall effort is sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended.

News articles.

Posted on January 11, 2010 at 8:00 AMView Comments

Another Contest: Fixing Airport Security

Slate is hosting an airport security suggestions contest: ideas “for making airport security more effective, more efficient, or more pleasant.” Deadline is midday Friday.

I had already submitted a suggestion before I was asked to be a judge. Since I’m no longer eligible, here’s what I sent them:

Reduce the TSA’s budget, and spend the money on:

1. Intelligence. Security measures that focus on specific tactics or targets are a waste of money unless we guess the next attack correctly. Security measures that just force the terrorists to make a minor change in their tactics or targets is not money well spent.

2. Investigation. Since the terrorists deliberately choose plots that we’re not looking for, the best security is to stop plots before they get to the airport. Remember the arrest of the London liquid bombers.

3. Emergency response. Terrorism’s harm depends more on our reactions to attacks than the attacks themselves. We’re naturally resilient, but how we respond in those first hours and days is critical.

And as an added bonus, all of these measures protect us against non-airplane terrorism as well. All we have to do is stop focusing on specific movie plots, and start thinking about the overall threat.

Probably not what they were looking for, and certainly not anything the government is even going to remotely consider—but the smart solution all the same.

Posted on January 7, 2010 at 10:53 AMView Comments

TSA Logo Contest

Over at “Ask the Pilot,” Patrick Smith has a great idea:

Calling all artists: One thing TSA needs, I think, is a better logo and a snappy motto. Perhaps there’s a graphic designer out there who can help with a new rendition of the agency’s circular eagle-and-flag motif. I’m imagining a revised eagle, its talons clutching a box cutter and a toothpaste tube. It says “Transportation Security Administration” around the top. Below are the three simple words of the TSA mission statement: “Tedium, Weakness, Farce.”

Let’s do it. I’m announcing the TSA Logo Contest. Rules are simple: create a TSA logo. People are welcome to give ideas in the comments, but only actual created logos are eligible to compete. (When my website administrator wakes up, I’ll ask him how we can post images in the comments.) Contest ends on February 6. Winner receives copies of my books, copies of Patrick Smith’s book, an empty 12-ounce bottle labeled “saline” that you can refill and get through any TSA security checkpoint, and a fake boarding pass on any flight for any date.

EDITED TO ADD (1/6): Please leave links to your submissions in the comments, and I will add them to the post. After the contest is over, I’ll choose five finalists and post them. The winner will be chosen by popular acclaim.

The Entries:

photo
Sean Flanagan
photo
Tom B
photo
Rhys Gibson
photo
Baz (1)
photo
Baz (2)
photo
Russell Nelson
photo
Kurushio
photo
Cathy
photo
Tonio Loewald
photo
I love to fly and it shows (1)
photo
Evanda
photo
Shesparticular
photo
MrJM
photo
Amy
photo
Hudsn
photo
Auximinus
photo
DS
photo
Pox Voldius
photo
I love to fly and it shows (2)
photo
Brendan McTague
photo
Andy S.
photo
Pope Noonius I
photo
Travis McHale
photo
T
photo
Matthew Williams
photo
Will Imholte


EDITED TO ADD: vote on the finalists here.

Posted on January 6, 2010 at 8:42 AMView Comments

Skein News

Skein is one of the 14 SHA-3 candidates chosen by NIST to advance to the second round. As part of the process, NIST allowed the algorithm designers to implement small “tweaks” to their algorithms. We’ve tweaked the rotation constants of Skein. This change does not affect Skein’s performance in any way.

The revised Skein paper contains the new rotation constants, as well as information about how we chose them and why we changed them, the results of some new cryptanalysis, plus new IVs and test vectors. Revised source code is here.

The latest information on Skein is always here.

Tweaks were due today, September 15. Now the SHA-3 process moves into the second round. According to NIST’s timeline, they’ll choose a set of final round candidate algorithms in 2010, and then a single hash algorithm in 2012. Between now and then, it’s up to all of us to evaluate the algorithms and let NIST know what we want. Cryptanalysis is important, of course, but so is performance.

Here’s my 2008 essay on SHA-3. The second-round algorithms are: BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein. You can find details on all of them, as well as the current state of their cryptanalysis, here.

In other news, we’re making Skein shirts available to the public. Those of you who attended the First Hash Function Candidate Conference in Leuven, Belgium, earlier this year might have noticed the stylish black Skein polo shirts worn by the Skein team. Anyone who wants one is welcome to buy it, at cost. Details (with photos) are here. All orders must be received before 1 October, and then we’ll have all the shirts made in one batch.

Posted on September 15, 2009 at 6:10 AMView Comments

1 2 3 4 5 6 7

Sidebar photo of Bruce Schneier by Joe MacInnis.