[Cryptography] MITM source patching [was Schneier got spooked]

Phillip Hallam-Baker hallam at gmail.com
Sun Sep 8 08:28:27 EDT 2013


On Sun, Sep 8, 2013 at 1:42 AM, Tim Newsham <tim.newsham at gmail.com> wrote:

> Jumping in to this a little late, but:
>
> >  Q: "Could the NSA be intercepting downloads of open-source
> > encryption software and silently replacing these with their own
> > versions?"
> >  A: (Schneier) Yes, I believe so.
>
> Perhaps, but they would risk being noticed. Some people check file hashes
> when downloading code. FreeBSD's port system even does it for you and
> I'm sure other package systems do, too. If this was going on en masse,
> it would get picked up pretty quickly... If targeted, on the other hand,
> it would work well enough...
>

But is the source compromised in the archive?


I think we need a different approach to source code management. Get rid of
user authentication completely; passwords and SSH are both a fragile
approach. Instead, every code update to the repository should be signed and
recorded in an append-only log, and the log should be public and enable any
party to audit the set of updates at any time.

This would be 'Code Transparency'.

Problem is we would need to modify GIT to implement.

-- 
Website: http://hallambaker.com/
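
The signed, append-only, publicly auditable log proposed in the message above, sketched as an added example that is not part of the original post or of any existing tool. It assumes Ed25519 signatures and SHA-256 hash chaining as the mechanism; `Entry`, `Append`, `Audit` and `demoKey` are hypothetical names, and the key is constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry is one signed update in a public, hash-chained log (hypothetical layout).
type Entry struct {
	Prev   [32]byte          // hash of the previous entry, all zero for the first
	Author ed25519.PublicKey // key that signed this update
	Update []byte            // the commit or patch being recorded
	Sig    []byte            // Author's signature over Prev || Update
}

func (e Entry) Hash() [32]byte { // covers every field, so one edit breaks all later links
	return sha256.Sum256(append(append(append(e.Prev[:], e.Author...), e.Update...), e.Sig...))
}

func Append(log []Entry, priv ed25519.PrivateKey, update []byte) []Entry {
	e := Entry{Author: priv.Public().(ed25519.PublicKey), Update: update}
	if len(log) > 0 {
		e.Prev = log[len(log)-1].Hash()
	}
	e.Sig = ed25519.Sign(priv, append(e.Prev[:], update...)) // binds update to its place in the log
	return append(log, e)
}

// Audit replays the log as any third party could: it returns the head hash and the first bad index (-1 if none).
func Audit(log []Entry, trusted map[string]bool) (head [32]byte, bad int) {
	for i, e := range log {
		if e.Prev != head || !trusted[string(e.Author)] || !ed25519.Verify(e.Author, append(e.Prev[:], e.Update...), e.Sig) {
			return head, i
		}
		head = e.Hash()
	}
	return head, -1
}

var demoKey = ed25519.NewKeyFromSeed(make([]byte, 32)) // constructed demo key, not a secret

func main() {
	log := Append(Append(nil, demoKey, []byte("add parser")), demoKey, []byte("fix bounds check"))
	trusted := map[string]bool{string(log[0].Author): true}
	_, clean := Audit(log, trusted)
	log[0].Update = []byte("add parser, plus backdoor") // constructed rewrite of recorded history
	_, tampered := Audit(log, trusted)
	fmt.Println("first bad entry before and after the rewrite:", clean, tampered)
}
```

Auditors who compare the returned head hash with the one other parties observed can also detect a log that was truncated or forked, since any difference in history changes the head.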