Non-Obvious Bugs By Example presented at Berlinsides 2010

by Greg ,

Tags: Security Exploitation


Summary : Two not directly obvious bugs in crypto related code and their exploitation
Over the years the identification and exploitation of high-level bugs has become more important. Especially cryptographic implementations can easily be affected by subtle bugs. This talk shows two examples of bugs in crypto related code: one in a message authentication code implementation and one in the use of a random number generator, showing the effects of improper use of otherwise good cryptographic primitives. For the theoretically inclined, a part of the talk will be include a bit of math. For the more practical people, the full exploitation of the bugs will be shown. Interestingly, the two vulnerabilities are in code parts that have already been subject to review - underlining that those bugs are easily overlooked.

Greg : Specific user from berlin sides , no extra details provided