(resend, with right sender this time)
On 17/12/10 3:30 PM, Peter Gutmann wrote:
To put it more succinctly, and to paraphrase Richelieu, give me six lines of
code written by the hand of the most honest of coders and I'll find something
in there to backdoor.
This is the sort of extraordinary
On Fri, Dec 17, 2010 at 1:42 PM, Ian G i...@iang.org wrote:
(resend, with right sender this time)
On 17/12/10 3:30 PM, Peter Gutmann wrote:
To put it more succinctly, and to paraphrase Richelieu, give me six lines of
code written by the hand of the most honest of coders and I'll find
Perhaps a bit more succinctly, the best way to eavesdrop on someone is to
tell them that their crypto is broken.
You have put it perfectly :-)
It is difficult to do better than this, but I've tried to be more succinct with
Earnest, a comic strip about the behaviors of software and human beings
On 12/17/2010 07:42 AM, Ian G wrote:
(resend, with right sender this time)
On 17/12/10 3:30 PM, Peter Gutmann wrote:
To put it more succinctly, and to paraphrase Richelieu, give me six lines of
code written by the hand of the most honest of coders and I'll find something
in there to
On 17 Dec 2010 at 17:30, Peter Gutmann wrote:
...There'll be no way to tell whether any of the dozens of
tweaks and changes are a backdoor or not. How would you tell whether
something like a cast ( uint32_t ) /* For Solaris 9 with the SunPro 4.2
compiler */ is a portability fix or a
On Fri, Dec 17, 2010 at 4:53 PM, Bernie Cosell ber...@fantasyfarm.com wrote:
On 17 Dec 2010 at 17:30, Peter Gutmann wrote:
...There'll be no way to tell whether any of the dozens of
tweaks and changes are a backdoor or not. How would you tell whether
something like a cast ( uint32_t ) /* For
Let's get back to the matter at hand.
I believe that there's another principle, which is that he who proposes,
disposes. I'll repeat -- it's up to the person who says there was/is a back
door to find it.
Searching the history for stupid-ass bugs is carrying their paranoid water.
*Finding* a
On 12/17/2010 09:46 AM, Kevin W. Wall wrote:
I like it. And I propose that this be the 6 lines of code:
int a;
int b;
int c;
int d;
int e;
int f;
OK, so what's your solution then? :-)
Because of my style with C++, I've written lots of bugs
On 17/12/10 18:51, Marsh Ray wrote:
I'm starting to get the idea that people just aren't reviewing the
commits on even medium-large-sized projects like OpenBSD as thoroughly
as we'd like to think.
Not enough positives.
To get around this, provide an incentive for coders to include back
doors
On Dec 17, 2010, at 12:34 39PM, Jon Callas wrote:
Let's get back to the matter at hand.
I believe that there's another principle, which is that he who proposes,
disposes. I'll repeat -- it's up to the person who says there was/is a back
door to find it.
Searching the history for
On Sat, Nov 27, 2010 at 08:19:39AM -0800, coderman wrote:
there are more than a few trivial protections in various
implementations [not OpenSSL current, per se] that cover usual cache
line side channels but leaky sieve in branch prediction cache or
hyper-threading context. and what other
On 12/17/2010 12:34 PM, Jon Callas wrote:
...snip...
Searching the history for stupid-ass bugs is carrying their paranoid
water. *Finding* a bug is not only carrying their water, but accusing
someone of being underhanded. The difference between a stupid bug and
a back door is intent. By
On 2010-12-17 6:28 PM, Zooko O'Whielacronx wrote:
He did not go on to declare (in that original message) that he
believed the coders in question to be innocent, but nor did he go on
to declare that he believed them to be guilty. To state facts is
sufficient and that's what Marsh Ray did.
James A. Donald jam...@echeque.com writes:
Must interoperate with legitimate code.
Must plausibly claim to utilize well known algorithms (while actually
misusing them or grossly deviating from them.).
Sheesh, I can do this without even thinking. Here's one:
/* Generate the random value k.