[148588] in cryptography@c2.net mail archive
Re: [Cryptography] RSA is dead.
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Sun Dec 22 18:13:06 2013
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <CAOLP8p63m_C04vfonmdcG4neLxrtqZdReqEgLsL+yVEqUE0qvQ@mail.gmail.com>
Date: Sun, 22 Dec 2013 17:55:25 -0500
To: Bill Cox <waywardgeek@gmail.com>
Cc: crypto@senderek.ie, "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Peter Gutmann <pgut001@cs.auckland.ac.nz>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Dec 22, 2013, at 4:59 PM, Bill Cox <waywardgeek@gmail.com> wrote:
> Nonsense. Most other equally capable developers should be able to discover a backdoor with far less effort to hide it. Reading other people's code is a skill that some people never acquire, but it's generally easier to understand someone else's code entirely than to have created it from scratch.
>
> If the code is so obscure that this is not the case, that code should not be used in crypto. I'll just point out that gtksu falls exactly into this category, yet we continue to use it... it really deserves to be retired. Open source is *very* helpful, but if the people with the decision power over what to include are far more ignorant than the coders... well then just forget security.
Have a look at some of the entries in the Obfuscated V contest (to write innocent-looking code that actually cheated one of the candidates). My favorite is http://graphics.stanford.edu/~danielrh/vote/mzalewski.c - just one of many.
Come back and tell me how "capable developers" will easily find malicious code hidden in simple, clean-looking C code.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography