[CentOS] Can we trust RedHAt encryption tools?

Tue Jan 7 15:52:57 UTC 2014
Steve Clark <sclark at netwolves.com>

On 01/07/2014 09:04 AM, m.roth at 5-cent.us wrote:
> John Doe wrote:
>> After all the news about backdoors, "planted" bugs or weakened standards
>> in apps, in routers, hardware firmwares, etc... these days, can we trust
>> anything?
>> Can we trust the bios?
>>
>> Can we trust the compiler not to stealthily inject a backdoor in the
>> compiled version of a clean code?Given that most entries from the The
>> International Obfuscated C Code Contest (http://www.ioccc.org/)
Yeah didn't Dennis Richie modify the C compiler to insert a backdoor for him when
ever the compiler saw login.c was being programmed?
> One thing on the positive side: the last few months, I think a *lot* of
> folks are eyeballing this stuff, specifically looking for issues, and
> probably some are going back to things that they said "I dunno... but I'll
> come back to look at this someday". I *suspect* that within about six
> months, it'll be as relatively safe as it was maybe 10 years ago.
>
> Of course, we'll need some wakeup call to look at it all again in 10
> years. In the meantime, I think things are getting safer, relatively.
>
> Hmmmm, speaking of BIOS, wonder if this will impact the push for UEFI....
>
>            mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com