On 10.09.13 10:48, Jason White wrote:
Russell Coker <russell@coker.com.au> wrote:
Next if the NSA wanted to put some hostile code in the kernel then surely they would use a random gmail account to submit patches and not do anything bad under their own name.
Agreed. Further, if any government wanted to subvert cryptography they could do it by trying to sneak code into OpenSSL, NSS or GNUTLS - and the vulnerability would have to be subtle enough to escape notice by the maintainers.
Given the media reports of the NSA using several supercomputers to crack SSL traffic (with some degree of success apparently) it may be that they don't have anything but brute force and possibly a few cryptology tricks, so far. (Depending on how much credence is to be given to anything heard in the media.) Erik -- I sense much distrust in you. Distrust leads to cynicism, cynicism leads to bitterness, bitterness leads to the Awareness of True Reality which is referred to by those-who-lack-enlightenment as "paranoia" I approve. - fortune