Russell Coker <[email protected]> wrote: > Next if the NSA wanted to put some hostile code in the kernel then surely > they > would use a random gmail account to submit patches and not do anything bad > under their own name. >
Agreed. Further, if any government wanted to subvert cryptography they could do it by trying to sneak code into OpenSSL, NSS or GNUTLS - and the vulnerability would have to be subtle enough to escape notice by the maintainers. > The so-called "revelations" aren't anything particularly exciting anyway. > They merely confirm that some parts of the NSA recently started doing things > that lots of people expected them to have been doing since the 90's. Yes, exactly. What we don't know is whether any well-known cryptographic algorithms have been broken or weakened. As I recall however, the U.S. government is supposed to be moving toward elliptic curve cryptography, and the NSA has an interest in *protecting* the confidentiality of government information. _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
