I was once on a team that had a product with some crypto features that was under attack.
There was a hackers forum where daily discoveries were discussed.
It was indeed exhilarating, and exactly the way you describe it: on one hand, we didn't really want the thing to be cracked, but on the other it was impossible not to be rooting for those scrappy hackers going down the wrong path at first before figuring out the right one, one step at a time. Every morning, we'd log in to that forum to check their overnight progress.
Still, we were confident that our bank-strength crypto algorithm would prevail.
It did not. :-)
While we had done our due diligence, an external implementation partner had decided to change the audited code later in the process, which broke things completely, in the most embarrassing way.
In the end, it didn't matter, and we probably sold a few more units than what we would have sold without the broken crypto.
It was summer 2001. The 3Com Audrey internet appliance wasn't quite canceled yet, but it wasn't thriving in the marketplace, either. I picked one up for $50 from uBid and started poking at it, blogging about my discoveries along the way. I figured out that the OTA image checksum was relatively simple to generate (something like two's-complement addition of running 32-bit integers that needed to sum to a specific constant). This enabled me to alter the next OTA image that came off the wire, which allowed me to begin replacing resources and binary components in the system.
By this point people were following the blog, occasionally linking to it on Slashdot. But then something strange happened: I started receiving anonymous emails from individuals who knew a lot about the Audrey OS's internals. They gave me hints about where the more vulnerably coded parts of the system were; they suggested hard-to-stumble-upon but valuable URLs in the Marimba OTA system; and one day when I foolishly overwrote the bootloader with a malformed image, just a couple days later a brand-new Audrey motherboard mysteriously appeared on my doorstep (at the time I didn't live very far from 3Com, and this was an age of the internet when nobody had much reason to hide their identities).
Thus, with the help of numerous knowledgeable individuals, I was able to bootstrap the Audrey modding community. The focus of the world changed soon thereafter, one Tuesday in September, but it was otherwise a similarly exhilarating experience to the one TomVDB describes. The difference was that I was the hacker, and the opposing team -- the one that had built this amazing machine (which I still have two of, by the way, both unopened) -- actually wanted me to succeed, hopefully giving the Audrey a better chance than it got during its initial, ill-fated, mid-dot-com-bust launch.
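As an added example (not the poster's code, and not the Audrey's real image layout or constant, both of which are assumed here): a wrapping 32-bit additive checksum of the kind described above, showing why a recomputed trailer word makes any modified image pass, and the keyed MAC check a vendor would want instead.

```python
import hashlib
import hmac
import struct

# Hypothetical constant the word sum must reach; the post does not give the real value.
TARGET_SUM = 0x1234_5678
WORD = struct.Struct("<I")  # assumed: little-endian 32-bit words

def additive_checksum(image: bytes) -> int:
    """Wrapping (two's-complement) sum of every 32-bit word in the image."""
    if len(image) % 4:
        raise ValueError("image must be a multiple of 4 bytes")
    return sum(w for (w,) in WORD.iter_unpack(image)) & 0xFFFF_FFFF

def additive_ok(image: bytes) -> bool:
    return additive_checksum(image) == TARGET_SUM

def fill_trailer(body: bytes) -> bytes:
    """Append the one word that makes the image sum to TARGET_SUM. The publisher
    needs this to build an image; it needs no secret, so it is not an integrity check."""
    trailer = (TARGET_SUM - additive_checksum(body)) & 0xFFFF_FFFF
    return body + WORD.pack(trailer)

def hmac_tag(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()

def hmac_ok(key: bytes, image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, image), tag)

def demo() -> dict:
    body = b"AUDREY-OTA-DEMO:" + bytes(range(16))  # constructed stand-in for an image body
    image = fill_trailer(body)
    key = b"publisher-secret-key"  # constructed; kept by the publisher, never in the image
    tag = hmac_tag(key, image)
    # One byte of the body changed, trailer recomputed the same way the publisher did.
    modified = fill_trailer(body[:5] + b"X" + body[6:])
    return {
        "original_sum_ok": additive_ok(image),
        "modified_sum_ok": additive_ok(modified),        # True: the sum sees nothing
        "original_hmac_ok": hmac_ok(key, image, tag),
        "modified_hmac_ok": hmac_ok(key, modified, tag),  # False: no key, no valid tag
    }

if __name__ == "__main__":
    print(demo())
```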
Sounds very interesting. This being Hacker News, are you able to elaborate a bit on the specifics, specifically the type of crypto and how it was broken?
I wonder what the "most embarrassing way" would mean in this context -- I'm thinking timing attack or padding oracles, but it sounds like it might have been even more trivial.
Very close to a real world scenario. I usually bring it up to compare big teams to small. (Our small team was being replaced by a big, expensive team, and I found an issue in 15 minutes that the new team had created - despite sharing my findings immediately, it still took their team weeks to find it "on their own", admit to it, and finally fix it.)
There was a CAPTCHA used to prevent bot spam on a contest entry portal. The code that randomized the image displayed was modified to be stored in an application cache that persisted across sessions (meaning every "user" saw the same image and could use the same answer). Guess how useful that was in preventing bot spam?
(The fix was to delete one or two lines of code that were not only not helpful, but obviously harmful!)