On Thu, Jul 03, 2014 at 11:25:36AM -0700, Russ Allbery wrote: [snip] > If the NSA are going to hide back-doors in open source projects (a rather > dubious idea to start with, given how difficult it is and how much social > blowback there would be when such a thing was inevitably discovered), they > would focus on highly-opaque code that cannot be easily audited except by > experts. That's why people are very worried about crypto libraries and > particularly crypto algorithms that involve special magic numbers. That's > an obvious place to conceal such a thing.
An obvious pick that'd be both opaque and hard-hitting against a saddening amount of open source systems would be the non-free NVidia driver. Why would the NSA take even the slightest risk of discovery when they could put a backdoor in a driver for a piece of hardware that has full access to your system? Kind regards, David -- /) David Weinehall <t...@debian.org> /) Rime on my window (\ // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Diamond-white roses of fire // \) http://www.acc.umu.se/~tao/ (/ Beautiful hoar-frost (/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140703205053.gc16...@hirohito.acc.umu.se
