Posted by Dave U. Random on December 1, 2008, 10:32 am
nemo_outis wrote:
>
> > "You can't trust code that you did not totally create yourself"
> > Ken Thompson "Reflections on Trusting Trust"
>
> I don't even trust code that I wrote :-)
Join the club.
|
|
Posted by nemo_outis on December 1, 2008, 12:30 pm
Swat!
|
|
Posted by nemo_outis on November 28, 2008, 9:32 am
...
>> In short, there is NO substantive public evidence that Truecrypt's
>> source code has been the subject of thorough review, nor is there any
>> reason to rely on the credentials of the developers (since they
>> remain anonymous). In that absence, using Truecrypt is an act of
>> blind faith every bit as much (or more!) than using a closed-source
>> encryption program.
> "You can't trust code that you did not totally create yourself"
> Ken Thompson "Reflections on Trusting Trust"
Yes, the above paper - which everyone here should read! - makes a very
powerful point.
But it gets worse, much worse.
Open source code is no panacea. First of all, I don't believe most open
source code gets anything more than very cursory review - if even that.
Oh sure, lots of people may briefly scan the code, a few people may look
at a few small parts of it more intensively, and if a bug or anomaly pops
up in use a few people may try to trace it back to the source code.
That's about it though.
Good thorough code review and testing is hard, tedious, painstaking work.
Hard work with little or no glory in it. Hard work, that to be truly
effective, would have to be repeated with each new software release,
including regression testing, etc. Many, many man-months using a
*structured* approach, not ad-hoc-ery. I don't think that gets done.
But it gets worse yet. Not only do I think that, in general, open-source
testing mostly doesn't get done (except on a very hit and miss basis),
the problem is far worse for cryptographic code. Cryptographic code
requires special expertise, expertise in short supply. Here the "many
eyes" concept of open-source code inspection breaks down badly, since so
few of those eyes are qualified.
But it gets worse yet. As Ross Anderson (of Cambridge) points out in
several scholarly papers, open source opens the code to *both* white hats
and black hats, aiding both defence and offence. The black hats are
looking for exploitable flaws, and having the source code is a big help.
Worse yet, with crypto code, the black hats (e.g., the NSA) may have much
more motivation, much better-qualified people, and much bigger budgets
than the white hats. And, obviously, the black hats aren't going to
publish their findings.
But it gets worse yet. Open source review has some chance (not nearly as
good as is commonly thought IMHO) of winkling out bugs, but it is much
less likely to be effective at outing backdoors that have been created
and carefully disguised by skilled opponents (I'll answer objections
about JAP, etc. if called upon). The proof of how hard it can be to find
carefully crafted flaws in code (rather than ordinary unintentional ones)
is illustrated brilliantly by the annual "Underhanded C" contest. You
can stare for an hour at 20 lines of code, knowing that there is a bug
there, and exactly what kind of bug it is, and still not see it. If the
NSA has tens of thousands of lines of source code to sneak in a flaw I
have little doubt that the chances of it being outed by less than man-
years of careful inspection is damned near zero. Open source may work
for outing bugs, but outing good backdoors is a whole different game!
Ain't life a bitch?
Regards,
|
|
Posted by Marty on November 28, 2008, 1:10 pm
On Fri, 28 Nov 2008 12:48:38 -0500, Ari
>>
>> Open source code is no panacea. [SNIP]
>
>> Hard work with little or no glory in it. [SNIP]
>>
>> Here the "many
>> eyes" concept of open-source code inspection breaks down badly, since so
>> few of those eyes are qualified. [SNIP]
>> The black hats are
>> looking for exploitable flaws, and having the source code is a big help.
[SNIP]
In the meantime, Linux is growing and thriving. And for some reason
you don't need a new operating system to run new hardware - like
USB on Win9x because there is no driver available. Imagine that.
Marty
|
|
Posted by Ari on November 28, 2008, 7:33 pm
On Fri, 28 Nov 2008 18:10:25 GMT, Marty wrote:
> On Fri, 28 Nov 2008 12:48:38 -0500, Ari
>
>>>
>>> Open source code is no panacea. [SNIP]
>>
>>> Hard work with little or no glory in it. [SNIP]
>>>
>>> Here the "many
>>> eyes" concept of open-source code inspection breaks down badly, since so
>>> few of those eyes are qualified. [SNIP]
>
>>> The black hats are
>>> looking for exploitable flaws, and having the source code is a big help.
> [SNIP]
>
> In the meantime, Linux is growing and thriving. And for some reason
> you don't need a new operating system to run new hardware - like
> USB on Win9x because there is no driver available. Imagine that.
>
> Marty
McFly, if you don't think that distros of Linux can be compromised,
you're delusional.
Imagine that.
--
Meet Ari!
http://tr.im/1fa3
|