[148608] in cryptography@c2.net mail archive


Re: [Cryptography] how reliably do audits spot backdoors? (was: Re:

daemon@ATHENA.MIT.EDU (Bill Cox)
Mon Dec 23 01:32:13 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <r422Ps-1075i-13582B859F3446C28A801D585606789D@Williams-MacBook-Pro.local>
Date: Mon, 23 Dec 2013 01:06:59 -0500
From: Bill Cox <waywardgeek@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Well, first, it's David Wagner.  Had we set up this test with me inserting
the bugs and David Wagner finding them, I think the results would have been
different.

However, IMO, David Wagner's bugs would not have survived a year of open
source review, given that it was confined to 100 lines of code.  That code
might be a serious mess, but people can usually grok that kind of
complexity.

With that said, God only knows what back doors exist in gksu.  Crypto code
should be as simple as possible.  Why does gksu need multiple threads that
all violate the GTK rule that only the main thread can muck with UI
widgets?  It's only a simple dialog with two buttons!  Why does it even
need multiple threads?  If I do say so myself, I am awesome at reading and
grokking code, and gksu is one of the only Linux projects I've had to read
that I could not understand.  Code like that in the crypto system makes me
want to set my hair on fire.
