[148714] in cryptography@c2.net mail archive
Re: [Cryptography] how reliably do audits spot backdoors?
daemon@ATHENA.MIT.EDU (James A. Donald)
Wed Dec 25 15:03:07 2013
X-Original-To: cryptography@metzdowd.com
Date: Thu, 26 Dec 2013 04:44:07 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
In-Reply-To: <CAMm+Lwg8iLVCVCH-OgNQn2TFkNk8TJt0XwYRv5rW0d_1hyQFhg@mail.gmail.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Tue, Dec 24, 2013 at 2:42 AM, James A. Donald <jamesd@echeque.com
> So, the underhanded C examples would have failed code review, not
> because their terribly sneaky measures would have been detected in
> code review, but for being unidiomatic, obfuscated, uglified, or
> complexified.
On 2013-12-26 03:09, Phillip Hallam-Baker wrote:
> I can't slap the authors of OpenSSL and tell them to document their
> stuff, let alone force a rewrite
Not having the developer in front of one, merely means one has to fix
obfuscated and complexified code oneself. As, in the example case, I did.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
