Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] NAS: encryption



On 7/8/2015 3:19 PM, Chuck Anderson wrote:
> Sorry, I call BS.  My point was that having access to source code is a
> prerequisite.  If you don't have access to the source code, it becomes
> MUCH harder to audit because you are limited in the techniques you can
> use, such as black box testing.  If you have source code, you can read
> the code and try to understand what it is doing.

This is why I say you don't have the qualifications. Access to the 
source code isn't worth nearly as much as you seem to think it is. There 
are classes of vulnerabilities like insecure compiler optimizations that 
are impossible to detect by examining the source code even when you do 
understand what the code is supposed to do. On the other hand, no-source 
techniques like black box testing work whether or not you have the 
source. This is why my answer to your next question is...


> And do you think we would know about those instances if the
> code/standards were closed?

... yes, we would.

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org