[Cryptography] how reliably do audits spot backdoors? (was: Re: RSA is dead.)
Jonathan Thornburg
jthorn at astro.indiana.edu
Sun Dec 22 19:51:44 EST 2013
On Sun, 22 Dec 2013, Bill Cox wrote:
[[re Peter Gutmann's claim that backdoors in source-code
may escape discovery in audits]]
> Nonsense. Most other equally capable developers should be able to discover
> a backdoor with far less effort to hide it. Reading other people's code is
> a skill that some people never acquire, but it's generally easier to
> understand someone else's code entirely than to have created it from
> scratch.
Looking at the winners in the Underhanded C Contest
http://underhanded.xcott.com/
strongly suggests that Peter is right. And these are backdoors hidden
in on-the-order-of-100 lines of code, which is a lot smaller (and thus
harder-to-hide-a-backdoor-in) than most real crypto code.
For that matter... OpenBSD did full code audits many years ago... yet
nontrivial bugs (accidental, not maliciously-planted) are still being
found in the codebase.
Auditing code is *hard*. We should no more expect auditors to be 100%
perfect at finding backdoors than we should expect well-meaning programmers
to be 100% perfect at (say) correctly using strncpy().
--
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"There was of course no way of knowing whether you were being watched
at any given moment. How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork. It was even conceivable
that they watched everybody all the time." -- George Orwell, "1984"
More information about the cryptography
mailing list