[Cryptech Tech] design software
Bernd Paysan
bernd at net2o.de
Wed Jan 20 01:04:46 UTC 2016
On Wednesday, 20 January 2016, 00:34:42, Peter Gutmann wrote:
> Less serious ways to do it involve motivating attackers to do the audit for
> you:
>
> - Use it in a DRM scheme.
> - Use it to lock down a Playstation so you can't run Linux on it.
> - Present it to UK universities as "a system designed by a French
> university".
> - Post it anonymously to sci.crypt as a leaked government
> design.
Haha, that will certainly work ;-).
One experience with code audits is that the first hour is by far the most
productive. If you want to hide secret backdoors, make sure the code is big
and difficult to navigate, so that people won't get to your backdoor in the
first hour, no matter where they start. Large source code bases like GnuPG or
OpenSSL are ideal to bury backdoors like Heartbleed.
When it's actually fun to look through the code, people do it.
--
Bernd Paysan
"If you want it done right, you have to do it yourself"
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*
http://bernd-paysan.de/