Sent: Wednesday, 11 September 2013 at 11:42
From: Rudolf Leitgeb rudolf.leit...@gmx.at
To: es...@nerim.net
Cc: misc@openbsd.org
Subject: Re: OpenBSD crypto and NSA/Bruce Schneier
Second, low hanging fruit.
Contrary to what some hysterical reports may claim, and some violations
of rules aside, NSA is mostly after bad guys, some of which know quite
well what they are doing. These bad guys will not necessarily be kind
enough to present NSA with unpatched Windows desktops.
I think that is not true. What they (and others) are after are
CORRELATIONS, as much correlation as one can get. That's because from
a Bayesian POV causality isn't really needed to understand behaviour
if you have enough correlation.
Social Science becomes obsolete, if enough correlation is gathered.
See for example
http://www.wired.com/science/discoveries/magazine/16-07/pb_theory
That paper really sounds strange at first sight, but with big data, it is
another situation.
So back on topic, even if they are after the 'bad guys' they are by getting
as much data i.e. correlations as they can get...
why bother with us ? people are most generally NOT careful. So, hey,
what if you can't break in OpenBSD ?
This is not a marketing operation run by NSA which can claim success if
they catch the 90% dumbest. Quite to the contrary, they should be most
interested in the most sophisticated ones, and why wouldn't bad guys
use OpenBSD if they had the impression it was more secure?
No, they want it all, because much data is better than any behaviour theory
can be, just because you don't have to make assumptions.
As I have mentioned before: what good is perfect security in an OS if you
have no control over the hardware? Put some back doors into the CPU or the
networking hardware and OpenSSH will fall. There is really no point in
trying to outwit three letter agencies with our laptops.
Do you have any example for that? I mean the hardware needs software
to run, not? So you say that there are cases where there is firmware
that makes the hardware do things we can not control or encapsulate?
After all, we could change to hardware that does not have these things.
Another thing is, that today mathematically proven correct (aka zero-bug)
software is more and more feasible. See the guys from seL4..
Ok it is still a bit future, but sooner or later we will become able to
prove our algorithms; at least partly...
/jo