[148691] in cryptography@c2.net mail archive


Re: [Cryptography] how reliably do audits spot backdoors?

daemon@ATHENA.MIT.EDU (James A. Donald)
Tue Dec 24 23:07:34 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 25 Dec 2013 12:08:58 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <20131224171224.1195119c@terabyte>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

I don't think a backdoor is likely to survive a serious audit.  Code 
audits, done right by competent people, are tough.

Though, done right, they are expensive.

If crypto code is open source, most people will use it without careful 
examination on the assumption that someone else is going to audit it.

But, some people, relying on that code, *are* going to audit it.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
