[GLLUG] Am I over-reacting to this?

John Edwards john at cornerstonelinux.co.uk
Thu Jan 16 10:38:55 UTC 2014

On Thu, Jan 16, 2014 at 10:28:08AM +0000, Alain Williams wrote:
> On Thu, Jan 16, 2014 at 10:21:18AM +0000, John Edwards wrote:
>> Impossible? If the application is open source then you *can* find out
>> which algorithm is used (and more importantly - how it is implemented).
> However few of us would be qualified to say that an encryption
> algorithm had been properly implemented without any 'accidental'
> weakness - I know that I am not good enough for that.

Absolutely. And even programmers working in the area may not spot it -
the OpenSSL problem in Debian took almost 2 years to spot and fix.

But at least with open source people can view the code and so increase
the chance of spotting a problem. With closed source you have to use
reverse engineering, which is much harder and will not give you the
exact source code.

|    John Edwards   Email: john at cornerstonelinux.co.uk    |

More information about the GLLUG mailing list