The point (IIRC) of Ken Thompson's paper is that, even if you show that the source has no back door, it still doesn't guarantee that the compiled program has no back door, because the compiler may insert the back door when compiling. And it doesn't help if you have the source code to the compiler either.
Cheers, Carl. On 19/01/07, alanw <[EMAIL PROTECTED]> wrote:
Maybe the nuts and bolts of the NSAKEY controversy are over my head, but I surely get the message about trust. If I use a computer and don't know what's in it (the box, the code), I AM trusting someone already. Should I really be so trusting? Leave the backdoor unlocked? I certainly know where the backdoor is on my house. But where is it on the devices I use everyday... my computer (sic), my phone...? ----- Original Message ----- From: Carl Cerecke <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, January 19, 2007 11:28 AM Subject: Re: OT:[Fwd: TP: How NSA access was built into Windows] > Ah. That is a classic paper. Worth taking the time to understand. I fear though, that understanding it might be out of reach for some. Cheers, Carl.
