"James A. Donald" <jam...@echeque.com> writes:

>Crypto algorithms have standard reference implementations, which are to a
>greater or lesser extent copied wholesale. Any deviation from the usual is apt
>to be noticeable.

That would require that you compare the code for algorithm X in project Y to the original copy held who knows where, taking into account that the version used in project Y may be several versions out of date from the reference one (and by several versions I mean "ten years or more" in some cases), and that it'll have been hacked over by who knows how many others for portability and performance reasons. There'll be no way to tell whether any of the dozens of tweaks and changes are a backdoor or not. How would you tell whether something like a cast "( uint32_t ) /* For Solaris 9 with the SunPro 4.2 compiler */" is a portability fix or a backdoor?

If I wanted to backdoor something, I'd go for private-key leakage in DLP PKCs, which are notoriously bad in terms of leaking key bits if you even look at them funny. It's hard enough just to get those right with the best of intentions, let alone if you're deliberately trying to hide a key leak.

To put it more succinctly, and to paraphrase Richelieu, give me six lines of code written by the hand of the most honest of coders and I'll find something in there to backdoor.

Peter.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
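The remark about DLP-based public-key systems leaking key bits is the one point in this thread a reviewer can actually put a test against. As an added illustration (not part of Peter's post or of any project's code), the Python below compares the most common DSA/ECDSA-style nonce-generation mistake, reducing a same-width random value modulo the group order, with rejection sampling, and applies the kind of coarse statistical smoke test a code reviewer could run against a signing routine. The toy group order `TOY_Q`, the function names and the sample sizes are constructed for this example and are not from the page.

```python
import random

# Constructed toy group order: small enough that the bias shows up in a
# few thousand samples. A real DSA/ECDSA order is 160 bits or more.
TOY_Q = 43691


def naive_nonce(q, rng):
    """Common mistake: draw as many bits as q has, then reduce mod q.
    Because 2**q.bit_length() is not a multiple of q, small residues are
    produced more often than large ones (modulo bias); this version can
    even return 0, which is a separate defect."""
    return rng.getrandbits(q.bit_length()) % q


def rejection_nonce(q, rng):
    """Draw q.bit_length() bits and retry until the value lies in [1, q-1].
    Every accepted value is equally likely, so the distribution of k
    reveals nothing about the private key."""
    while True:
        k = rng.getrandbits(q.bit_length())
        if 1 <= k < q:
            return k


def low_half_fraction(nonce_fn, q, samples=20000, seed=1):
    """Fraction of generated nonces that fall in [0, q//2). For an unbiased
    generator this is close to 0.5; a modulo-biased one is skewed upward
    (about 0.667 for TOY_Q, since 2**16 is roughly 1.5 * TOY_Q)."""
    rng = random.Random(seed)   # seeded so the check is reproducible
    low = sum(1 for _ in range(samples) if nonce_fn(q, rng) < q // 2)
    return low / samples


def nonce_generator_looks_unbiased(nonce_fn, q, tolerance=0.02, **kw):
    """Coarse sanity check: reject a generator whose low-half fraction is
    more than `tolerance` away from 0.5. This catches gross modulo bias
    only; a bias of a few bits in a 256-bit nonce passes this test and is
    still enough to recover the key, so treat it as a smoke test, not as
    evidence that a nonce generator is correct."""
    return abs(low_half_fraction(nonce_fn, q, **kw) - 0.5) <= tolerance


if __name__ == "__main__":
    for name, fn in (("naive", naive_nonce), ("rejection", rejection_nonce)):
        frac = low_half_fraction(fn, TOY_Q)
        verdict = "ok" if nonce_generator_looks_unbiased(fn, TOY_Q) else "BIASED"
        print(f"{name:9s} low-half fraction = {frac:.3f}  -> {verdict}")
```

The design choice worth noting is in the last function's docstring: a distribution test of this kind is only a tripwire for gross mistakes. A reviewer who wants to rule out the subtle leaks the post is worried about has to read the nonce derivation itself (or insist on a deterministic, specification-defined derivation) rather than rely on statistics over its output.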