[Discuss] Good and Bad Crypto
Edward Ned Harvey (blu)
blu at nedharvey.com
Wed Apr 23 13:05:51 EDT 2014
> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Derek Martin
>
> Or... unless the NSA or some other organization has
> paid off the vendor to intentionally include weaknesses for them to
> exploit.
If I give you a library that implements something like SHA1, it has a well defined deterministic behavior. For any given input, it must produce a predetermined output, deterministically. Please explain how it's possible to intentionally include a weakness into closed source implementation of this, and *not* equally possible to include such a weakness into an open source implementation. Please provide an answer which doesn't include "Everybody should read and compile everything for themselves."
More information about the Discuss
mailing list