[Cryptography] how reliably do audits spot backdoors?

Phillip Hallam-Baker hallam at gmail.com
Wed Dec 25 12:09:43 EST 2013


On Tue, Dec 24, 2013 at 2:42 AM, James A. Donald <jamesd at echeque.com> wrote:

> On 2013-12-24 04:33, Benjamin Kreuter wrote:
>
>> I have been wondering for some time if this might be more a symptom of
>> the languages we are using than a fundamental difficulty in the
>> auditing process itself.  Quite a few UCC entries rely on undefined or
>> counterintuitive behavior in C.
>>
>
> I find C quite intuitive, possibly as a result of having done a bit of
> code review.
>
> What you would call counterintuitive, I read as idiomatic, and what is
> undefined, I read as unidiomatic.
>
> So, the underhanded C examples would have failed code review, not because
> their terribly sneaky measures would have been detected in code review, but
> for being unidiomatic, obfuscated, uglified, or complexified.
>
> The code review would have come to an end, and the developer ordered to do
> a rewrite, before the trick had been detected.


But that type of code review is only possible for closed source where
someone is being paid or in an exceptionally highly motivated open source
project.

I can't slap the authors of OpenSSL and tell them to document their stuff,
let alone force a rewrite.


-- 
Website: http://hallambaker.com/