At Sun, 04 May 2008 20:14:42 -0400,
Perry E. Metzger wrote:
> Marcos el Ruptor <[EMAIL PROTECTED]> writes:
> > All this open-source promotion is a huge waste of time. Us crackers
> > know exactly how all the executables we care about (especially all
> > the crypto and security related programs) work.
> With respect, no, you don't. If you did, then all the flaws in Windows
> would have been found at once, instead of trickling out over the
> course of decades as people slowly figure out new unintended
> behaviors. Anything sufficiently complicated to be interesting simply
> cannot be fully understood by inspection, end of story.

Without taking a position on the security of open source vs. closed
source (which strikes me as an open question), I agree with Perry
that deciding whether a given piece of software has back doors is
not really possible for a nontrivial piece of software. Note that
this is a very different problem from finding a single vulnerability
or answering specific (small) questions about the code [0].


[0] That said, I don't think that determining whether a nontrivial
piece of software has security vulnerabilities is difficult. The
answer is "yes".

The Cryptography Mailing List