"Edward Ned Harvey (blu)" <[email protected]> writes: >> From: [email protected] [mailto:discuss- >> [email protected]] On Behalf Of Tom Metro >> >> Uses closed-source, proprietary software. Nullifies the first point. > > Disagree. Both windows and mac are closed-source OSes, which provide > standard crypto libraries to the application layer. The fact that > your OS is closed source immediately nullifies your above > nullification argument, because it's literally impossible for you to > run a completely open source stack, unless you switch to a different > OS.
Then don't use closed source OSes? I guess then you have to ask whether the layer underneath that and the compiler bootstrapping was compromised. > > More: While we all agree that more eyes and more scrutiny (open > source) are good for security of a crypto library, the honest truth > is, it's more *trained* and dedicated eyes that matters. And you can > only count the ones who want to help. The flip side is that the bad > guys also get the open source, and sometimes they keep their > discoveries secret. > > The honest truth is, flaws exist in both open and closed source. Some > of each are great. Some of each are crap. Some were accidental, and > some were planted by the NSA coercing Linus (or whoever). > > As a software developer, who develops closed source software that does > (amongst other things) encryption and transport of user files, I can > say this: I scrutinize all the open and closed source libraries and > applications that I use. I care greatly about using them correctly, > and ensuring strong crypto to the best of my abilities. It is > *appalling* how often I look at open source, as well as closed source > stuff, and determine that it's bad crypto. How do you examine closed source crypto? It's a fair argument that the code being available isn't sufficient to have all its bugs (intentional or normal) found, but if the code's not available at all... _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
