[Cryptography] how reliably do audits spot backdoors? (was: Re: RSA is dead.)
James A. Donald
jamesd at echeque.com
Tue Dec 24 02:32:53 EST 2013
On 2013-12-24 03:36, Bill Frantz wrote:
> Note that the bugs were limited to 100 lines of code because of the
> limited amount of time available for the code review. A real system
> would probably consist of many times 100 lines of code, especially if
> the compiler and runtime environments are included. Since backdoors can
> be designed that depend on "innocent" insertions in several separate
> parts of the code, the complexity of the search goes up faster than
> linearly with code size.
In code reviews, I automatically reject things that make the complexity
of the search go up faster than linearly.
The underhanded C examples all, or all I glanced at, used obfuscation,
uglification, and complexification, that would have been immediately
thrown out in code review, without anyone bothering to figure out what
the obfuscation obfuscated, what the uglified and complexified code
actually did.
More information about the cryptography
mailing list