Hi, thus, if you download gentoo, and build that completely from scratch, you are not 100.00000000000000% safe. The downloaded version of gentoo comes with a prebuilt compiler.
In saying that, I am using gentoo as an example. I am not implying their compiler builds back doors in binaries. Derek. ============================================================== On Fri, 19 Jan 2007, Carl Cerecke wrote: > The point (IIRC) of Ken Thompson's paper is that, even if you show > that the source has no back door, it still doesn't guarantee that the > compiled program has no back door, because the compiler may insert the > back door when compiling. And it doesn't help if you have the source > code to the compiler either. > > Cheers, > Carl. > > On 19/01/07, alanw <[EMAIL PROTECTED]> wrote: > > Maybe the nuts and bolts of the NSAKEY controversy are over my head, but I > > surely get the message about trust. > > > > If I use a computer and don't know what's in it (the box, the code), I AM > > trusting someone already. > > > > Should I really be so trusting? Leave the backdoor unlocked? > > > > I certainly know where the backdoor is on my house. But where is it on the > > devices I use everyday... my computer (sic), my phone...? > > > > > > ----- Original Message ----- > > From: Carl Cerecke <[EMAIL PROTECTED]> > > To: <[email protected]> > > Sent: Friday, January 19, 2007 11:28 AM > > Subject: Re: OT:[Fwd: TP: How NSA access was built into Windows] > > > > > Ah. That is a classic paper. Worth taking the time to understand. I fear > > though, that understanding it might be out of reach for some. Cheers, Carl. > > > > > > > > > > -- Derek Smithies Ph.D. IndraNet Technologies Ltd. Email: [EMAIL PROTECTED] ph +64 3 365 6485 Web: http://www.indranet-technologies.com/
