full-disk subversion standards released
Nicolas Williams
Nicolas.Williams at sun.com
Fri Jan 30 19:26:30 EST 2009
On Fri, Jan 30, 2009 at 03:37:22PM -0800, Taral wrote:
> On Fri, Jan 30, 2009 at 1:41 PM, Jonathan Thornburg
> <jthorn at astro.indiana.edu> wrote:
> > For open-source software encryption (be it swap-space, file-system,
> > and/or full-disk), the answer is "yes": I can assess the developers'
> > reputations, I can read the source code, and/or I can take note of
> > what other people say who've read the source code.
>
> Really? What about hardware backdoors? I'm thinking something like the
> old /bin/login backdoor that had compiler support, but in hardware.
Plus: that's a lot of code to read! A single person can't hope to
understand the tens of millions of lines of code that make up the
software (and firmware, and hardware!) that they use every day on a
single system. Note: that's not to say that open source doesn't have
advantages over proprietary source.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list