[governance] NSA sabotage of Internet security standards
Suresh Ramasubramanian
suresh at hserus.net
Sun Sep 15 19:15:26 EDT 2013
Which is why participating in a review becomes essential
If after that you know to trust or not trust every algorithm covered by the
review, that is a useful takeaway.
--srs (htc one x)
On 16 September 2013 1:20:29 AM Karl Auerbach <karl at cavebear.com> wrote:
> On 09/15/2013 07:03 AM, Louis Pouzin (well) wrote:
>
>
> > Best quote of the day, so cutely childish.
> > The trend is no secret: user open source encryption and States standards.
>
> If the actual encryption algorithm contains a mathematical backdoor then
> code inspection of an open implementation is not likely to reveal the flaw.
>
> That's the scary thing - it is now beyond hyperbolic speculation that
> some intentional weaknesses may have been secretly baked into the actual
> mathematics of the algorithms.
>
> And lest we forget that sometimes we may not be able to see what is
> there we ought not to forget this famous paper:
>
> Reflections on Trusting Trust
> Ken Thompson
> http://cm.bell-labs.com/who/ken/trust.html
>
> After reading that who can say that our compilers or interpreters are
> safe to use to compile open source encryption code?
>
> --karl--
>
>
>
>
>
>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list