[Cryptography] RSA is dead.
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Dec 22 16:38:13 EST 2013
Ralf Senderek <crypto at senderek.ie> writes:
>Isn't the most obvious conclusion that no crypto tool can be secure if it is
>not open source?
That won't help things much: Any sufficiently capable developer of crypto
software should be competent enought to backdoor their own source code in such
a way that it can't be detected by an audit. If you're capable of dealing
with exotic side-channel and timing attacks, countering weird obscure
mathemtatical properties of cryptosystems to avoid leaking keys, and all
manner of other tricks, then you had better be capable of backdooring your
code as well.
Availability of source code is not soy sauce for security.
Peter.
More information about the cryptography
mailing list