[governance] NSA sabotage of Internet security standards

Karl Auerbach karl at cavebear.com
Sun Sep 15 15:50:29 EDT 2013


On 09/15/2013 07:03 AM, Louis Pouzin (well) wrote:


> Best quote of the day, so cutely childish.
> The trend is no secret: user open source encryption and States standards.

If the actual encryption algorithm contains a mathematical backdoor then
code inspection of an open implementation is not likely to reveal the flaw.

That's the scary thing - it is now beyond hyperbolic speculation that
some intentional weaknesses may have been secretly baked into the actual
mathematics of the algorithms.

And lest we forget that sometimes we may not be able to see what is
there we ought not to forget this famous paper:

Reflections on Trusting Trust
Ken Thompson
http://cm.bell-labs.com/who/ken/trust.html

After reading that who can say that our compilers or interpreters are
safe to use to compile open source encryption code?

	--karl--






-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list