Security ?
Dave Ihnat
dihnat at dminet.com
Fri Dec 17 18:14:06 UTC 2010
On Fri, Dec 17, 2010 at 12:02:59PM -0500, David Liguori wrote:
> Isn't a major argument for open-source that any "back-door" would in
> principle be visible for all to see--at least all who understand the
> code and are willing to test it? In practice it may not be that easy to
> find, ...
*Shrug*. I've not perused the code, but remember that you have to be
looking to find problems; if nobody's doubted the implementation, few have
probably examined it in detail. It's certainly not going to be labeled
/* Backdoor Here */
It may be as subtle as actually modifying the calculation to have a
designed weakness, meaning it wouldn't just be code analysis but
cryptanalysis of the encryption--reversing the code to the equation and
analyzing *that*.
Cheers,
--
Dave Ihnat
dihnat at dminet.com