[GLLUG] Am I over-reacting to this?

Alain Williams addw at phcomp.co.uk
Thu Jan 16 10:28:17 UTC 2014


On Thu, Jan 16, 2014 at 10:21:18AM +0000, John Edwards wrote:
> On Thu, Jan 16, 2014 at 10:01:00AM +0000, Adrian McMenamin wrote:
> > On 15 January 2014 22:26, John Edwards <john at cornerstonelinux.co.uk> wrote:
> <snip>
> >> Even compiling from source does not give you 100% safety, because you
> >> then need to trust the C compiler (see Ken Thompson).
> >
> > It might not even be the compiler - it might simply be impossible to know:
> > 
> > http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/
> 
> Impossible? If the application is open source then you *can* find out
> which algorithm is used (and more importantly - how it is implemented).

However, few of us would be qualified to say that an encryption algorithm had
been properly implemented without any 'accidental' weakness - I know that I am
not good enough for that.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>



