On 09/10/2013 10:48 AM, Jason White wrote:
Russell Coker <russell@coker.com.au> wrote:
Next if the NSA wanted to put some hostile code in the kernel then surely they would use a random gmail account to submit patches and not do anything bad under their own name.
Agreed. Further, if any government wanted to subvert cryptography they could do it by trying to sneak code into OpenSSL, NSS or GNUTLS - and the vulnerability would have to be subtle enough to escape notice by the maintainers.
The so-called "revelations" aren't anything particularly exciting anyway. They merely confirm that some parts of the NSA recently started doing things that lots of people expected them to have been doing since the 90's. Yes, exactly. What we don't know is whether any well-known cryptographic algorithms have been broken or weakened. As I recall however, the U.S. government is supposed to be moving toward elliptic curve cryptography, and the NSA has an interest in *protecting* the confidentiality of government information.
_______________________________________________ luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main
George Orwell got it right!