[Cryptography] how reliably do audits spot backdoors?
James A. Donald
jamesd at echeque.com
Tue Dec 24 21:08:58 EST 2013
I don't think a backdoor is likely to survive a serious audit. Code
audits, done right by competent people, are tough.
Though, done right, they are expensive.
If crypto code is open source, most people will use it without careful
examination on the assumption that someone else is going to audit it.
But, some people, relying on that code, *are* going to audit it.
More information about the cryptography
mailing list