shadowOps07: > Truecrypt is a open source software therefore NSA doesn't have back > door access to this particular software.
Without deterministic builds, and TrueCrypt isn't deterministically build, [1] Open Source does not prevent backdoors, unless you compile from source code. The ones who compiles, uploads and distribute the binaries have the option to add a backdoor. Also the ones who may have infected the build machine with a backdoor are in position to add a backdoor without the distributor being aware of it. And even in the source code you can add subtle backdoors. Source: http://cm.bell-labs.com/who/ken/trust.html "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect." [1] and without people scrutinizing it, checking that the binary has been build from the exact same source code as claimed, -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk