[146806] in cryptography@c2.net mail archive


[Cryptography] MITM source patching [was Schneier got spooked]

daemon@ATHENA.MIT.EDU (Tim Newsham)
Sun Sep 8 03:04:11 2013

X-Original-To: cryptography@metzdowd.com
Date: Sat, 7 Sep 2013 19:42:33 -1000
From: Tim Newsham <tim.newsham@gmail.com>
To: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Jumping in to this a little late, but:

>  Q: "Could the NSA be intercepting downloads of open-source
> encryption software and silently replacing these with their own versions?"
>  A: (Schneier) Yes, I believe so.

Perhaps, but they would risk being noticed. Some people check file hashes
when downloading code. FreeBSD's port system even does it for you and
I'm sure other package systems do, too. If this was going on en masse,
it would get picked up pretty quickly... If targeted, on the other hand, it
would work well enough...

-- 
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
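
The hash check the message refers to, as an added example that is not part of the original post and is not FreeBSD's own code: it parses records in the `SHA256 (file) = hex` / `SIZE (file) = bytes` layout used by ports `distinfo` files and rejects a download that does not match. The file name, contents and function names are constructed for illustration, and the check only helps when the recorded hash arrives by a different path than the download itself.

```python
import hashlib
import hmac
import re

# Record layout: "SHA256 (name) = hex" and "SIZE (name) = bytes"; other lines are skipped.
_LINE = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo-style text."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        kind, name, value = m.groups()
        entries.setdefault(name, {})[kind] = int(value) if kind == "SIZE" else value.lower()
    return entries

def verify(name, data, entries):
    """Check downloaded bytes against the recorded entry; returns (ok, reason)."""
    rec = entries.get(name)
    if rec is None or "SHA256" not in rec:
        return False, "no recorded hash"      # fail closed: unknown files are rejected
    if "SIZE" in rec and rec["SIZE"] != len(data):
        return False, "size mismatch"
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, rec["SHA256"]):
        return False, "checksum mismatch"
    return True, "ok"

# Constructed sample: a "release" and a same-length modified copy of it.
GENUINE = b"int main(void) { return 0; }\n"
TAMPERED = b"int main(void) { return 1; }\n"
DISTINFO = "SHA256 (crypto-tool-1.0.tar.gz) = %s\nSIZE (crypto-tool-1.0.tar.gz) = %d\n" % (
    hashlib.sha256(GENUINE).hexdigest(), len(GENUINE))

if __name__ == "__main__":
    recorded = parse_distinfo(DISTINFO)
    for label, blob in (("genuine", GENUINE), ("tampered", TAMPERED)):
        print(label, verify("crypto-tool-1.0.tar.gz", blob, recorded))
```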
