On Wednesday, 20 January 2016, 00:34:42, Peter Gutmann wrote:
> Less serious ways to do it involve motivating attackers to do the audit for
> you:
>
> - Use it in a DRM scheme.
> - Use it to lock down a Playstation so you can't run Linux on it.
> - Present it to UK universities as "a system designed by a French
>   university".
> - Post it anonymously to sci.crypt as a leaked government
>   design.

Haha, that will certainly work ;-).

One experience with code audits is that the first hour is by far the most productive. If you want to hide secret backdoors, make sure the code is big and difficult to navigate, so that people won't get to your backdoor in the first hour, no matter where they start. Large source code bases like GnuPG or OpenSSL are ideal to bury backdoors like Heartbleed.

When it's actually fun to look through the code, people do it.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
net2o ID: kQusJzA;7*?t=uy@X}1GWr!+0qqp_Cn176t4(dQ*
http://bernd-paysan.de/

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech