No announcement yet.

The challenge Black Hat would not take

  • Filter
  • Time
  • Show
Clear All
new posts

  • The challenge Black Hat would not take

    Black Hat Challenge DEFCON forum Opening thread:

    The legal starting date and official rules of this contest will be announced at the start of DEFCON Aug 1, 2013. Any requests to register for the contest before the official starting date will be ignored as in non-compliance with contest rules.

    The website at has a great deal of scientific information that may assist you with this contest.

    We are interested in science. The only thing that matters with this contest is whether the Contest Key can be broken.

    A good place to start is actually learning about the algorithm which is used to encrypt the contest file.

    This video link provides a tutorial on how a Whitenoise key is constructed.

    This video shows the construction of a Whitenoise key and then shows typical speed testing done in the same fashion that AES and other kinds of keys are tested. With a little bit of looking on the WNL website this utility is available for download for academic use. Whitenoise Key Creation and Speed testing

    This video demonstration shows the factoring of prime number composites to determine the only two numbers, other than the prime composite value itself and the value 1 that will devide into a prime number composite without having a remainder.

    It is against the law to provide anyone this utility without a permit through EXCOL, the regulatory agency of Canada for controlled and dangerous goods. If you are NOT prepared to go through that legal process, do not bother asking for it. Factorization

    Contest web site – not official until legal starting date.

  • #2
    If it looks like a fish and smells like a fish it probably is Two Fish Mr. Schneier

    There are 10 days until the official launch of

    The Whitenoise Challenge That Black Hat Would Not Take.

    Some crypto guys write cryptically, like me.

    Some crypto guys are said to actually blow fish.

    But this really is a tale of two fish (actually more but we will get to that bit by bit. They say a mouse can swallow the elephant in the question and answer room but he has to do it a byte at a time.)

    Well here is our first contest within a contest.

    And we let the DEFCON members see if they can identify their best Deaf CON ARTIST.

    Their votes will help us choose a winner!

    The Li’l Miss Chrissie Hyndes Trophy is awarded to whomever DEFCON members think is a great pretender.

    The votes just may determine who has to kiss DEFCON hyndes, too.

    On the contest launch day, we will post the link where DEFCON attendees can vote. We urge scientific integrity and participation in the critical question of our day: How do we balance privacy and security? The first important thing might be to listen to honest leaders and demand accountability. Then we might demand things like ethics, scientific method and the like.

    The 10 days leading up to the contest, and the few weeks before assuming his place in the great halls of education like Harvard or MIT or wherever begins, certainly not a Chair in Ethics 101 or Scientific Method 101, should be plenty of time for the author of Snake Oil and the Dog House to actually demonstrate his ability and integrity for all his future students (and you – the DEFCON viewing audience). Draw you own conclusions. Words are cheap.

    See if you can guess who will get my vote for the Li’l Miss Chrissie Hynde Trophy!

    Open letter –

    Mr. Schneier,

    You wrote in your Snake Oil and Dog House piece:

    “You've got your weird "independent evaluation" by experts who seem to have no actual expertise in cryptography.”

    Would you please apologize to David Wagner?

    Even though we will prove you had the independent evaluation in hand, we will let DEFCON dig for the rest of the connection.

    The independent evaluation was done by David Wagner, a crypto security expert that has testified before congress. David Wagner, of the University of California, Berkeley wrote in the evaluation that a Whitenoise key couldn’t be broken in a trillion years! Actually that’s way short but readers should go take their own look at the paper.

    I believe he was one of the individuals that helped morphed your (?) blow fish into two fish when you were unsuccessful in an AES contest but some DEFCON members likely will do the investigative journalism to dig that out.

    To refresh your memory here is the security analysis by David Wagner, assistant to Two Fish (?) yet again. And yes, I do believe he knew about cryptanalysis.

    Tomorrow DIVA will discuss a little quirk in Canadian privacy and intelligence law that enabled us to be able to document that you KNEW about David’s study before you published your bit and that you knew you were writing about Whitenoise in an implementation called Tinnitus, and that you refused to allow any rebuttal in your digital rag. Do you think the experts in DEFCON have a tin ear?

    We will let DEFCON members try to figure out or speculate about your motives and agenda.

    André Brisson

    Here is Bruce’s scientific method.

    The Doghouse: BSB Utilities

    I got this as spam, no less. It's your typical one-time-pad-that's-really-a-stream-cipher proprietary algorithm. You've got your infinitely long key. You've got your claims of more security than anything else on the market. You've got your weird "independent evaluation" by experts who seem to have no actual expertise in cryptography.

    But this is my favorite quote off the Web site: "One of the primary means of testing the solidness of a form of encryption is to test the randomness of the data it creates." Haven't these people ever heard of cryptanalysis?


    June 15, 2003
    by Bruce Schneier
    Founder and CTO
    Counterpane Internet Security, Inc.

    Tomorrow on this blog we will introduce a third fish and look at IACR and ePrint behavior and manipulation.

    We will also start another contest within a contest called:

    Who are Wu? Wu Wu – Wu Wu

    I will also post a one book reading list for students at Harvard or MIT or wherever since Mr. Schneier will likely be busy showing you all that he can break Whitenoise – or what he termed snake oil.

    Oh, and since Mr. Schneier will be busy breaking Whitenoise, DEFCON members can use that time while they are watching him, to SEE how Whitenoise keys are made:

    I think they are smart enough to multi task – watch you and actually start their own testing at the same time.