Backdoor Man...

Allen netsecurity at sound-by-design.com
Sat Jun 30 07:45:38 EDT 2007


Hi gang,

Apparently "Backdoor Man" is still popular, but not as a blues.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025436

So, the question is, can you trust *any* commercial vendor where 
you can't verify the code?

We have no clue if this was done for Intuit itself or if it was 
done at the request of some _agency_; however, even if it was 
only done for Intuit it does leave a rather sour taste because 
this is yet another proof of security by obscurity does not work 
and will eventually be exploited.

BTW, does anyone have a conversion metric for, say John the 
Ripper on a P4 3GHz with 1GB of memory (or some other commodity 
level computer) to the tera (soon to be peta it looks like) flop 
ratings on super computers?

Thanks,

Allen

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list