On Dec 17, 2010, at 12:34 39PM, Jon Callas wrote: > Let's get back to the matter at hand. > > I believe that there's another principle, which is that he who proposes, > disposes. I'll repeat -- it's up to the person who says there was/is a back > door to find it. > > Searching the history for stupid-ass bugs is carrying their paranoid water. > *Finding* a bug is not only carrying their water, but accusing someone of > being underhanded. The difference between a stupid bug and a back door is > intent. By calling a bug a back door, or considering it, we're also accusing > that coder of being underhanded. You're doing precisely what the person > throwing the paranoia wants. You're sowing fear and paranoia. > > Of course there are stupid bugs in the IPsec code. There's stupid bugs in > every large system. It is difficult to assign intent to bugs, though, as that > ends up being a discussion of the person.
Yes -- see http://en.wikipedia.org/wiki/James_Jesus_Angleton#The_Molehunt for where that sort of thing can lead. Many years ago, I learned that someone working on a major project had just been arrested for hacking. Did he leave any surprised behind in our code? I put together a team to do an audit. We found one clear security hole -- but the commit logs showed who was responsible, and a conversation with her showed that it was an innocent mistake (and not something our suspect had socially-engineered into the code base). Then I found something much more ambiguous -- two separate bugs, which -- when combined with a common but non-standard configuration -- added up to a security hole. In one of the bugs, the code didn't agree with the comments, but there was a very plausible innocent explanation. And yes, the suspect was responsible for that section of the code. Deliberate? Accidental? To this day, I don't know; all I know for sure is that we found and closed two security holes, one very subtle. Today is Dec 17, an odd-numbered day, so I think it was an ordinary bug. Tomorrow, I may feel differently. --Steve Bellovin, http://www.cs.columbia.edu/~smb _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography