The reason you should compile your own crypto libs has nothing to do with
trust. You don't want identicle machine code for the pseudo random number
generation as everybody else. It makes bulk cryptanalisis easier because
NSA has a copy of the same binary, and can use that in a source +
cyphertext attack.
Some crypto libs are hardware dependent for randomness and other aspects
(the NSA uses capacitor noise for random seeds). Remember that a
configure script will make some choices, those choices may have to
do with the entropy of specific pieces of hardware or other
pheomena on your particular machine when compiling parts of a
cryptosystem. Having a native compile widens the set of possible
outcomes that an attacker has to consider, because there is no reference
binary to test keystream entropy against.
A source audit does nothing if you don't understand the math enough to
spot a bug. Besides, you'll probably run it anyway because it's better
than plaintext over a clear channel.
It's all a matter of personal preference and needs. Use whichever best
supports your security policy. In an enterprise, the binary makes more
sense because you can automate upgrades without worrying about the
integrity or availability of gcc on the machines the workers use and
recieve email attatchments on. If you atually know how to compile an app
without screwing it up, are sure that gcc hasn't been swapped out with a
cracked version, and are on your personal machine, then compiling may add
higher security.
tack
On Fri, 27 Jul 2001, [iso-8859-1] daniel j shahin wrote:
> the package doesn't install a stock key, it generates one using ssh-
> keygen. Usually the init scripts check for the existence of the key and
> gen one if it isn't there.
>
> d$
> > Personally I like to compile ssh rather then useing pkgadd.
> > It just feels more secure to me when i see it creating the key rather
> > then using
> > one that the pkg has.
> >
> > Justin Halterlein wrote:
> >
> >> There are things that I like to compile and things I dont
> >> like to compile. SsH is a decnet, i mean decent, thing to comile in
> >> my book.
> >>
> >> On Fri, 27 Jul 2001, [iso-8859-1] daniel j shahin wrote:
> >>
> >> > hmm. I suppose, but by that logic everything should be not just
> >> > compiled, but code audited for security too. I'm far too lazy for
> >> > that action...
> >> >
> >> > d$
> >> > > Yah, that's what i said, but i got all this flak from MikeG and
> >> > > Sach about how you _must_ compile your own SSH implementation
> >> > > _from scratch_.
> >> > >
> >> > >
> >> > > -Lkb
> >> > >
> >> > > On Fri, 27 Jul 2001, [iso-8859-1] daniel j shahin wrote:
> >> > >
> >> > >> or you could install the package(s) from:
> >> > >>
> >> > >> http://www.ibiblio.org/pub/packages/solaris/sparc/
> >> > >> or
> >> > >> http://www.sunfreeware.com
> >> > >>
> >> > >> much simpler.
> >> > >>
> >> > >> d$hahin
> >> > >>
> >> > >> > Hey, sun blueprints actually has an article on how to compile
> >> > >> > and install openssh on solaris using gcc!
> >> > >> >
> >> > >> > http://www.sun.com/blueprints/0701/openSSH.html
> >> > >> >
> >> > >> > Guess you didn't have to write it after all Mike! :-)
> >> > >> > -Lkb
> >> >
> >> >
> >> >
>
>
>
--
------------------------------------------
"Oh Dear, She's stuck in an infinite loop,
and he's an idiot!" --Prof Farnsworth
