[Cryptography] MITM source patching [was Schneier got spooked]

Tim Newsham tim.newsham at gmail.com
Sun Sep 8 01:42:33 EDT 2013

Jumping in to this a little late, but:

>  Q: "Could the NSA be intercepting downloads of open-source
> encryption software and silently replacing these with their own versions?"
>  A: (Schneier) Yes, I believe so.

perhaps, but they would risk being noticed. Some people check file hashes
when downloading code. FreeBSD's port system even does it for you and
I'm sure other package systems do, too.   If this was going on en masse,
it would get picked up pretty quickly...  If targeted, on the other hand, it
would work well enough...

Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com

More information about the cryptography mailing list