On Fri, Jan 30, 2009 at 03:37:22PM -0800, Taral wrote:
> On Fri, Jan 30, 2009 at 1:41 PM, Jonathan Thornburg
> <jth...@astro.indiana.edu> wrote:
> > For open-source software encryption (be it swap-space, file-system,
> > and/or full-disk), the answer is "yes": I can assess the developers'
> > reputations, I can read the source code, and/or I can take note of
> > what other people say who've read the source code.
>
> Really? What about hardware backdoors? I'm thinking something like the
> old /bin/login backdoor that had compiler support, but in hardware.

Plus: that's a lot of code to read! A single person can't hope to
understand the tens of millions of lines of code that make up the
software (and firmware, and hardware!) that they use every day on a
single system.

Note: that's not to say that open source doesn't have advantages over
proprietary source.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com