Re: trusting software
ogr@wyvern.wyvern.com (Jason Plank) said:
Phil Zimmermann solved this problem by supplying the source code for his product. You can see for yourself that there are no backdoors.
This helps, but is imperfect. How many people will read their particular copy in sufficient detail to ascertain that there aren't any obvious backdoors added by e.g. a sneaky archive site maintainer, or some sneaky cracker who found a way to modify the archived copy? Furthermore, even close reading won't absolutely *guarantee* the lack of backdoors in all cases, even if the reader is an expert on relevant subjects. We'll all continue to use software despite lack of absolute assurances, but it's worth keeping in mind what the situation is.

Doug
From: doug@netcom.com (Doug Merritt)
Furthermore, even close reading won't absolutely *guarantee* the lack of backdoors in all cases, even if the reader is an expert on relevant subjects.

Case in point: sendmail. The sendmail code is something like a nucleon, in that one can apparently obtain an arbitrary number of bugs by putting sufficient energy in.

ViaCrypt's market is people who want unquestioned legality as well as decent security. The best way to get this is to use PGP 2.3a, with source, while holding a license to a product producing identical output. Conveniently, editing the "2.3a" to "2.4" in a PGP-encrypted file causes no apparent problems.

Eli
ebrandt@jarthur.claremont.edu
participants (2): doug@netcom.com, Eli Brandt