At Sun, 04 May 2008 20:14:42 -0400,
Perry E. Metzger wrote:
>
> Marcos el Ruptor <[EMAIL PROTECTED]> writes:
> > All this open-source promotion is a huge waste of time. Us crackers
> > know exactly how all the executables we care about (especially all
> > the crypto and security related programs) work.
>
> With respect, no, you don't. If you did, then all the flaws in Windows
> would have been found at once, instead of trickling out over the
> course of decades as people slowly figure out new unintended
> behaviors. Anything sufficiently complicated to be interesting simply
> cannot be fully understood by inspection, end of story.

Without taking a position on the security of open source vs. closed
source (which strikes me as an open question), I agree with Perry
that deciding whether a given piece of software has back doors is
not really possible for a nontrivial piece of software. Note that
this is a very different problem from finding a single vulnerability
or answering specific (small) questions about the code [0].

-Ekr

[0] That said, I don't think that determining whether a nontrivial
piece of software has security vulnerabilities is difficult. The
answer is "yes".