On Thu, Dec 30, 2010 at 09:38:41AM +0100, Janne Johansson wrote:
> > without a 'hint' (true or fake), where would you start auditing the
> > code? It's just too much.
>
> Ted Unangst already solved that for all the potential lookers:
>
> Quote from http://marc.info/?l=openbsd-misc&m=124413533913404&w=2
> ---------------------------------
> It's not about where you start. It's about starting anywhere. Here, watch,
> it's this easy:
> find /usr/src -name "*.c" | random 10000
> ---------------------------------

Note that this assumes that there is no backdoor in random(6) (or arc4random_uniform, which it calls) designed to prevent the source file with the backdoor from being selected with the above command.
