[143267] in cryptography@c2.net mail archive
Re: full-disk subversion standards released
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Sat Jan 31 12:31:46 2009
Date: Fri, 30 Jan 2009 18:26:30 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Taral <taralx@gmail.com>
Cc: Jonathan Thornburg <jthorn@astro.indiana.edu>, John Gilmore <gnu@toad.com>,
Peter Gutmann <pgut001@cs.auckland.ac.nz>, cryptography@metzdowd.com,
smb@cs.columbia.edu
In-Reply-To: <fa0147d90901301537s3d3bf5b0wad0d60a41787d88c@mail.gmail.com>

On Fri, Jan 30, 2009 at 03:37:22PM -0800, Taral wrote:
> On Fri, Jan 30, 2009 at 1:41 PM, Jonathan Thornburg
> <jthorn@astro.indiana.edu> wrote:
> > For open-source software encryption (be it swap-space, file-system,
> > and/or full-disk), the answer is "yes": I can assess the developers'
> > reputations, I can read the source code, and/or I can take note of
> > what other people say who've read the source code.
>
> Really? What about hardware backdoors? I'm thinking something like the
> old /bin/login backdoor that had compiler support, but in hardware.

Plus: that's a lot of code to read! A single person can't hope to
understand the tens of millions of lines of code that make up the
software (and firmware, and hardware!) that they use every day on a
single system. Note: that's not to say that open source doesn't have
advantages over proprietary source.