[Cryptography] how reliably do audits spot backdoors?
James A. Donald
jamesd at echeque.com
Wed Dec 25 13:44:07 EST 2013
On Tue, Dec 24, 2013 at 2:42 AM, James A. Donald <jamesd at echeque.com
> So, the underhanded C examples would have failed code review, not
> because their terribly sneaky measures would have been detected in
> code review, but for being unidiomatic, obfuscated, uglified, or
> complexified.
On 2013-12-26 03:09, Phillip Hallam-Baker wrote:
> I can't slap the authors of OpenSSL and tell them to document their
> stuff, let alone force a rewrite
Not having the developer in front of one, merely means one has to fix
obfuscated and complexified code oneself. As, in the example case, I did.
More information about the cryptography
mailing list