Re: FOSS and backdoors in the US

On 4/29/2024 10:45 AM, Stefan Claas wrote:

Chris M. Thomasson wrote:
 

On 4/28/2024 2:06 AM, Stefan Claas wrote:

Rich wrote:
>

Stefan Claas <pollux@tilde.club> wrote:

>

If I would be forced, which I doubt, I would comment the code with
something like this:
>
// backdoor begins here
>
backdoor code
>
// backdoor ends here
>
and put in the README how to exchange that code with proper one.

>
Likely would not work well.  Such forcing would likely also be
accompanied by a gag order preventing you from admitting the backdoor
even exists and so such comments and readme text would be a likely gag
order violation that would land you in jail.

>
Well, I gues this may only apply to big FOSS projects, where they can
force teams, or an individual team member, but not the millions of FOSS
programmers out there.
>
Another option for folks, living in West-Eurasia, might be to handle
over the correct code to people in BRICS countries and publish it there.
>
We should also not forget that Democrats (back then Senator Biden),
in the U.S., started the Crypto War ...
>

>
Think if an algorithm A that is published for anyone to implement. Not
raw code, but the algorithm itself. A standard, like HMAC or something.
There "might" be a backdoor in the algorithm itself, however its very,
VERY, very... hard to find. This is why I asked about HMAC having a
backdoor by default. Something that dr. spoofs a lot can take advantage
of. Rich said probably not, wrt the algorithm itself...

 But would a published algorithm not been more peer reviewed than later
a lot of code implementations, from various people?
 

I hope so! I ask this question about HMAC because my experimental encryption uses it.
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=409075759deda6c624863f74354fbf7e2acc9a01e6e9cc37c544a4c45a306137211c8f704c1b9a367dae45792768e627e4d19b3ac6a1a6116bc7a72efc6c37e05e55cce00350a31b0f1347bd1342534ba75c9b2bd7