> From: [email protected] [mailto:discuss- > [email protected]] On Behalf Of Derek Martin > > Or... unless the NSA or some other organization has > paid off the vendor to intentionally include weaknesses for them to > exploit.
If I give you a library that implements something like SHA1, it has a well defined deterministic behavior. For any given input, it must produce a predetermined output, deterministically. Please explain how it's possible to intentionally include a weakness into closed source implementation of this, and *not* equally possible to include such a weakness into an open source implementation. Please provide an answer which doesn't include "Everybody should read and compile everything for themselves." _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
