Peter Gutmann writes (on the moderated cryptogra...@metzdowd.com list):

> Any sufficiently capable developer of crypto software should be
> competent enough to backdoor their own source code in such a way that
> it can't be detected by an audit.
Some of us have been working on an auditable crypto library: https://twitter.com/TweetNaCl

The original, nicely indented, version is 809 lines, 16621 bytes. The Python script to print tweetnacl.h is 1811 bytes.

The accompanying paper (to be posted soon) says "Of course, compilers also need to be audited (or to produce proofs of correct translations), as do other critical system components"---but there's progress on that too. In general it seems that Peter's fatalist view consists entirely of "nobody has done this yet" rather than "it's impossible".

TweetNaCl's speed doesn't match the asm in NaCl, but if you can tolerate OpenSSL's 4.2 million cycles for RSA-2048 decryption then you should be able to tolerate TweetNaCl's 2.5 million cycles for Curve25519.

---Dan

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
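The post's auditability argument rests on a short generator script producing the shipped header. The check an auditor actually wants is to regenerate the artifact from the source they read and confirm it matches byte for byte. The following is an added example illustrating that check; it is not code from the original post or from TweetNaCl. The generator text, the header it prints and the line/byte counts are constructed for the illustration and are not the real tweetnacl.h generator or its output.

```python
"""Reproducibility check for a 'compact script prints the header' workflow.

Added example, not part of the original post or of TweetNaCl. The generator
below is a constructed stand-in; the real tweetnacl.h generator is not shown.
"""
import contextlib
import hashlib
import io

# Constructed stand-in for the short generator an auditor has read line by line.
# Executing it is acceptable only because every line has been reviewed first.
GENERATOR = '''\
parts = ["#ifndef TINY_H", "#define TINY_H", "int tiny(int x);", "#endif"]
for line in parts:
    print(line)
'''


def run_generator(src: str) -> bytes:
    """Execute generator source in a fresh namespace and capture what it prints."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(compile(src, "<generator>", "exec"), {"__builtins__": __builtins__})
    return buf.getvalue().encode()


def sha256_hex(data: bytes) -> str:
    """Digest used to compare the regenerated artifact with the shipped one."""
    return hashlib.sha256(data).hexdigest()


def check_reproducible(src: str, shipped_digest: str) -> bool:
    """Audit step: regenerate the header and compare digests with the shipped copy."""
    return sha256_hex(run_generator(src)) == shipped_digest


def artifact_stats(data: bytes) -> tuple:
    """Line and byte counts, the two numbers the post quotes for the library."""
    return data.count(b"\n"), len(data)


if __name__ == "__main__":
    header = run_generator(GENERATOR)
    shipped = sha256_hex(header)          # pretend this digest ships with the release
    print("lines, bytes:", artifact_stats(header))
    print("reproducible:", check_reproducible(GENERATOR, shipped))
    # A one-character change to the generator must be caught by the same check.
    print("tampered :", check_reproducible(GENERATOR.replace("int x", "long x"), shipped))
```

The digest comparison is what turns "the generator is short enough to read" into "the header you compiled is the one that short generator produces"; the line and byte counts are only a hint that the source is small enough for the first step.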