[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

Chris Palmer chris at noncombatant.org
Wed Dec 15 23:12:27 EST 2010


Sandy Harris writes:

> First, it is open source. The code can be audited, and anyone with really

People make too much of this. In my experience, given the level of detail
that you need to absorb to properly audit this kind of C code, it's not
really all that different from auditing disassembled object code. In some
cases, RE tools make the job easier. IDA's tree-of-basic-blocks view and a
nice debugger can be just as easy or easier to deal with than your favorite
IDE or Source Insight.

Which is to say, it's extremely hard either way. :)


--
http://noncombatant.org/



More information about the cryptography mailing list