[GLLUG] Am I over-reacting to this?
John Edwards
john at cornerstonelinux.co.uk
Thu Jan 16 10:38:55 UTC 2014
On Thu, Jan 16, 2014 at 10:28:08AM +0000, Alain Williams wrote:
> On Thu, Jan 16, 2014 at 10:21:18AM +0000, John Edwards wrote:
<snip>
>> Impossible? If the application is open source then you *can* find out
>> which algorithm is used (and more importantly - how it is implemented).
>
> However few of us would be qualified to say that an encryption
> algorithm had been properly implemented without any 'accidental'
> weakness - I know that I am not good enough for that.

Absolutely. And even programmers working in the area may not spot it -
the OpenSSL problem in Debian took almost 2 years to spot and fix.

But at least with open source people can view the code and so increase
the chance of spotting a problem. With closed source you have to use
reverse engineering, which is much harder and will not give you the
exact source code.

--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#