On Mon, 04 Aug 2014 04:08:15 +1000
Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
> All good points, trouble I see is that even /good/ teams can become
> violated by someone ... NSA working with NIST is one example;
This is why an international team is important, with
redundant checks and controls.
> I'm
> not going to say anything more on that other than "things aren't
> always as they appear."
Unfortunately, NSA also worked w/ Google on Android :(
(and surely with many more other sensible things).
I also happened to read an article about solid-state random
generators; on today's designs, killing only 2-3 transistors
would so much hamper the quality of randomness that the
result couldn't be called random anymore. (Anyway, I never
trusted them, but some software uses them as the _default_ source :( )
> I'm also not going to allege that the HeartBleed bug was
> intentional, but it could have been and we may never know for sure.
I was more thinking about the much older "bug" re-introduced
by only one line "back from an old commit": there was not one
comment from the OpenSSL team, not even a note in the changelog…
Thinking you will be the only one able to exploit holes like
that is more a moronic thought than the beginning of a strategy.
--
Sugar-Junkie : haha, I love insurance companies
Sugar-Junkie : they just called my mom, 45, to ask her if she'd want to
be incinerated or buried…
Comakoon : accidents happen…
Sugar-Junkie : she answered that according to her religion, she wanted to
be buried naked in an anthill to feed her insect sisters.