Sujet : Re: FOSS and backdoors in the US
De : chris.m.thomasson.1 (at) *nospam* gmail.com (Chris M. Thomasson)
Groupes : sci.cryptDate : 28. Apr 2024, 21:37:09
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <v0mc1l$18cqm$1@dont-email.me>
References : 1 2 3 4
User-Agent : Mozilla Thunderbird
On 4/28/2024 2:06 AM, Stefan Claas wrote:
Rich wrote:
Stefan Claas <pollux@tilde.club> wrote:
If I would be forced, which I doubt, I would comment the code with
something like this:
>
// backdoor begins here
>
backdoor code
>
// backdoor ends here
>
and put in the README how to exchange that code with proper one.
>
Likely would not work well. Such forcing would likely also be
accompanied by a gag order preventing you from admitting the backdoor
even exists and so such comments and readme text would be a likely gag
order violation that would land you in jail.
Well, I gues this may only apply to big FOSS projects, where they can
force teams, or an individual team member, but not the millions of FOSS
programmers out there.
Another option for folks, living in West-Eurasia, might be to handle
over the correct code to people in BRICS countries and publish it there.
We should also not forget that Democrats (back then Senator Biden),
in the U.S., started the Crypto War ...
Think if an algorithm A that is published for anyone to implement. Not raw code, but the algorithm itself. A standard, like HMAC or something. There "might" be a backdoor in the algorithm itself, however its very, VERY, very... hard to find. This is why I asked about HMAC having a backdoor by default. Something that dr. spoofs a lot can take advantage of. Rich said probably not, wrt the algorithm itself...
FOSS and backdoors in the US
Re: FOSS and backdoors in the US
