[Cryptech Tech] design software
Philipp Gühring
pg at futureware.at
Wed Jan 20 01:14:00 UTC 2016
Hi,
> One experience with code audits is that the first hour is by far the most
> productive. If you want to hide secret backdoors, make sure the code is big
> and difficult to navigate, so that people won't get to your backdoor in the
> first hour, no matter where they start. Large source code bases like GnuPG or
> OpenSSL are ideal to bury backdoors like Heartbleed.
>
> When it's actually fun to look through the code, people do it.
I fully agree: if you want something auditable, make it as easy to read as
possible. (Open file formats, free readers, free samples, short/small
codebase, and as accessible as possible.)
Best regards,
Philipp