[cryptography] Question About Best Practices for Personal File Encryption

Andy Isaacson adi at hexapodia.org
Sun Aug 17 18:06:58 EDT 2014


On Sun, Aug 17, 2014 at 10:56:33PM +0200, Alfie John wrote:
> Given an open source program, it can be accountable by anyone. If there
> is a bug, it can be patched. If there is a deliberate backdoor, it can
> be pointed to as an example of why to completely abandon the program and
> mark the developer as tainted forever.

I'm a significant proponent of open source, and the benefits you
enumerate here are definitely true.  Open source can be helpful in
reviewing code, in grokking developer intent, in providing a hash-chain
guarantee of code lineage, in providing change history and justification
when reviewing new releases of a previously audited program, and in
fostering positive engineering practices.

However --

> Given a proprietary program, it is accountable to the supplier and you
> have no other option. If there is a bug, all you can do is hope for a
> patch. If there is a deliberate backdoor, all you can do is hope that
> someone will spot it if it is ever reverse engineered.

Your "proprietary program" strawman is full of holes.

The intellectual labor of decompiling a program delivered as a binary is
not especially large compared to the labor required to do a thorough
systematic review.  Given IDA Pro and a non-obfuscated Win32 or Linux
app, people I trust say the decompilation process is on the order of
10%-20% of the total effort of a review.

Binary patches are not great by any means, but they are definitely a
feasible method of deploying fixes, and this method works and is well
tested in the real world.  Some kinds of deployments basically require
binary patching, no matter what the underlying source management
technology.  (The Linux Ksplice project provides one prominent example.)

Backdoors are an enormous problem for both open source and
binary-distribution codebases, and claiming that open source will save
you from backdoors ignores the reality of the situation.  Just to start,

http://underhanded.xcott.com/
http://www.wired.com/2013/04/underhanded-c-contest/
http://graphics.stanford.edu/~danielrh/vote/vote.html
http://codegolf.stackexchange.com/questions/tagged/underhanded?sort=votes&pageSize=50

"Building Reliable Voting Machine Software", Ka-Ping Yee
http://zesty.ca/voting/

page 148 of http://zesty.ca/pubs/yee-phd.pdf provides a sobering
assessment of the difficulty of finding intentionally inserted bugs in
open source software.

-andy

