[Discuss] Good and Bad Crypto
Edward Ned Harvey (blu)
blu at nedharvey.com
Wed Apr 23 21:19:48 EDT 2014
> From: Mike Small [mailto:smallm at panix.com]
>
> if (is_april_1st && strstr(input, "Dymaxion Research"))
> return sha1_with_latency_side_channel(input);
> else
> return sha1(input);
If you believe the open source producer claiming "I built from the published source, without any trojans" you have just as much reason to believe the closed-source producer claiming "I built the standard SHA1 algorithm without any trojans."
If somebody's going to build the april_1st code you wrote above into their binary, they're not going to show you that code, even if the project is a supposedly open source project.
More information about the Discuss
mailing list