7 comments

[ 5.5 ms ] story [ 31.5 ms ] thread
ummm... so this means they broke their implementation of the encryption, not that they have found a way to break the encryption in order to find the unencrypted source?
Correct.
From the article, it seems that what is really broken is the I/O in the web interface - input is (wrongly) 'sanitized', output printing is misformatted.

Trite lesson we (do not) learn from this: beware trivial tasks that don't seem worth the trouble of testing.

Who cares? Government agency has buggy web-accessible implementation of SHA1. Not notable, and a link-bait title to boot.
Link bait title. I had my hopes up for something juicy only to find out something I already knew... government employees build crappy software.
> government employees build crappy software

That is quite the generalization. Out of the same national lab comes MPICH for example which is installed on nearly every large supercomputer that needs a message passing library. It's very robust, portable, performant, and popular.

http://www.mcs.anl.gov/research/projects/mpich2/

National labs are far more like normal companies than you might imagine. The software efforts are done by small teams that vary in their aims, funding, talent, competitional pressure, and enthusiasm. Pretty much like any other software environment...

Take a look at the error rates discussed in this story about NASA and I don't know how you could generalize that "government employees build crappy software": http://www.fastcompany.com/node/28121/print

You're right; the title was horrible. Thanks to whoever changed it.

No bait intended. Thought it might spur some discussion. I learn a great deal from anything crypto-related on HN.