[148582] in cryptography@c2.net mail archive
Re: [Cryptography] RSA is dead.
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sun Dec 22 16:47:57 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 23 Dec 2013 10:38:13 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: crypto@senderek.ie
In-Reply-To: <alpine.LFD.2.02.1312221345390.5930@laptop.kerry-linux.ie>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Ralf Senderek <crypto@senderek.ie> writes:
>Isn't the most obvious conclusion that no crypto tool can be secure if it is
>not open source?
That won't help things much: Any sufficiently capable developer of crypto
software should be competent enought to backdoor their own source code in such
a way that it can't be detected by an audit. If you're capable of dealing
with exotic side-channel and timing attacks, countering weird obscure
mathemtatical properties of cryptosystems to avoid leaking keys, and all
manner of other tricks, then you had better be capable of backdooring your
code as well.
Availability of source code is not soy sauce for security.
Peter.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
