Take the trash-talker challenge!

[full-disclosure () lists netsys com (Nexus)]

----- Original Message -----
From: <aliver () xexil com>
To: "Full Disclosure" <full-disclosure () lists netsys com>
Sent: Tuesday, August 27, 2002 12:35 PM
Subject: [Full-disclosure] Take the trash-talker challenge!

> posted xxt.c on this list a few days back. Attached is a file which I've
> encrypted using my utility. If my detractors would like to prove what a
> silly ass I am then they should feel free to reverse the encrypted message

So this is a challenge not of your [implementation of] code, but the XTEA
algorithm last modified (AFAIAA) in October 1998 in response to an attack
against Block TEA though both XTEA and straight TEA where not affected ?
This challenge would also be against the MD5 hash as well, which like those
mentioned above have been beat up on by notable crypto types for a little
while ?

> challenge anyone to write a working exploit which would render a root
> shell when xxt is SUID root. If you succeed I will:

I don't understand the validity of this as your application has no
requirement to be SUID root at all.

> If you don't, then I'll consider you full of shit and you can go on
> posting garbage like what I've already seen, but your credibility will be
> even lower than it already is (if that is possible).

Ah well, since I can't really be arsed to throw a brute forcer at the
[still] extant open source crypto algorithms in your application and in no
way am I a Cryptanalyst, I guess that's me told... ;-)
I'm far too busy playing Uplink to learn what it is to be a real hacker...
Well, actually I am working on a Cygwin version of xxt but it's barfing
during ld; but I'll let you know :)

Cheers.