> Sent: Wednesday, 11 September 2013 at 11:42
> From: "Rudolf Leitgeb" <rudolf.leit...@gmx.at>
> To: es...@nerim.net
> Cc: misc@openbsd.org
> Subject: Re: OpenBSD crypto and NSA/Bruce Schneier
>
> > Second, low hanging fruit.
> 
> Contrary to what some hysterical reports may claim, and some violations
> of rules aside, NSA is mostly after bad guys, some of which know quite
> well what they are doing. These bad guys will not necessarily be kind
> enough to present NSA with unpatched Windows desktops.

I think that is not true. What they (and others) are after are 
CORRELATIONS, as much correlation as one can get. That's because from
a Bayesian POV causality isn't really needed to understand behaviour
if you have enough correlation.

Social Science becomes obsolete, if enough correlation is gathered.
See for example 
http://www.wired.com/science/discoveries/magazine/16-07/pb_theory

That paper really sounds strange at first sight, but with big data, it is
another situation.

So back on topic, even if they are after the 'bad guys' they are by getting
as much data, i.e. correlations, as they can get...




> 
> > why bother with us ? people are most generally NOT careful. So, hey, 
> > what if you can't break in OpenBSD ?
> 
> This is not a marketing operation run by NSA which can claim success if
> they catch the 90% dumbest. Quite to the contrary, they should be most
> interested in the most sophisticated ones, and why wouldn't bad guys
> use OpenBSD if they had the impression it was more secure?

No, they want it all, because much data is better than any behaviour theory
can be, just because you don't have to make assumptions.

> 
> 
> As I have mentioned before: what good is perfect security in an OS if you
> have no control over the hardware? Put some back doors into the CPU or the
> networking hardware and OpenSSH will fall. There is really no point in 
> trying to outwit three letter agencies with our laptops.
> 

Do you have any example for that? I mean the hardware needs software
to run, no? So you say that there are cases where there is firmware
that makes the hardware do things we cannot control or encapsulate?

After all, we could change to hardware that does not have these things.


Another thing is that today mathematically proven correct (aka zero-bug)
software is more and more feasible. See the guys from seL4...
OK, it is still a bit in the future, but sooner or later we will become able to
prove our algorithms; at least partly...

/jo
