Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Slashdot article on MITRE open source software

Bill writes:
| > John Chambers <jc at> writes:
| > > Then, of  course,  there's  Ken  Thompson's  famous  "Reflections  on
| > > Trusting Trust" paper, in which he explains how to install a backdoor
| > > in a program in such a way that it doesn't  appear  anywhere  in  the
| > > source,  but  is  inserted  in the binary by the compiler.  Also, the
| > > insertion code doesn't appear in the compiler source, but is  in  the
| > > binary version of the compiler, even after you recompile it.
| Isn't it an academic problem? The invention of public key cryptography, and
| the verification checksums it supports, should obviate this.

Not likely in this case. Ken Thompson was the author of the
compiler, remember.  All the verification schemes can do is
warn you that someone has tampered with the code after  the
kit  was prepared.  If the tampering was done by the author
before building the kit, the  checksums  can  warn  you  if
someone  removes  the backdoor.  They can't do much to warn
you of things that the author included.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /