2010/12/21 Theo de Raadt <dera...@cvs.openbsd.org>
>
> > regarding the allegations about a backdoor being planted into OpenBSD, I
> > did a code review myself [...]
>
> By the way...
>
> It is unfortunate that it required an allegation of this sort for
> people to get to the point where they stop blindly trusting and
> instead go audit the code....

Without a 'hint' (true or fake), where would you start auditing the code? It's just too much.

Now, as I have started with it, I will continue to do so, at least with the crypto code and PRNG code.

However, don't get me wrong. I'm neither a cryptographer nor have I ever touched the OpenBSD code before. I did some patching for BSDI BSD/OS (ages ago), but that's it with my *bsd code contact.

> But looked at from the half-glass-full side, it is refreshing to see
> people trying!

:-)

BTW: iTWire mentions that two bugs have been found in the crypto code. Where can I find details on those bugs?

http://www.itwire.com/opinion-and-analysis/open-sauce/43995-openbsd-backdoor-claims-code-audit-begins

Regards
Kurt Knochner

http://knochner.com/