Sujet : Re: FOSS and backdoors in the US
De : chris.m.thomasson.1 (at) *nospam* gmail.com (Chris M. Thomasson)
Groupes : sci.cryptDate : 10. May 2024, 23:36:42
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <v1m7hq$1jnh2$2@dont-email.me>
References : 1 2 3 4 5 6 7
User-Agent : Mozilla Thunderbird
On 5/10/2024 2:20 PM, Rich wrote:
Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
On 5/9/2024 3:15 PM, Rich wrote:
Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
On 5/8/2024 9:27 PM, Marco Moock wrote:
Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
>
Backdoors.
>
When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
public channel.......
>
......backdoors are the least of their worries!
>
Isn't enough. There is a time when that message is unencrypted (e.g.
when entering it to the crypto application). The operating system can
then read the cleartext. If the backdoor is in the OS, X11 etc., it
still works here.
>
>
Go to a 100% "clean room", cloaked, cannot receive and/or send anything...
>
Encrypt a message on a clean thumb drive.
>
Where did you obtain the thumb drive?
>
Did you build it, from the ground up, or did you bring it into the
clean-room after purchase from a vendor?
>
If you purchased from a vendor, then how do you know said vendor did
not include a hardware backdoor on that thumb drive?
>
Take out the clean disk with a
single file on it. Destroy the computer...
>
How did the computer get into the clean room? How are you sure that no
hardware on the computer has a backdoor, or that no software running on
the computer has a backdoor?
>
The computer would have to be clean.
Did you manufacture the computer yourself? Or did you buy it from Acme
corp?
Hopefully it would be manufactured by myself. Say, it's actually clean. No problems wrt adulteration.
If you bought it from Acme Corp, how do you know that Acme Corp did not
install a hardware backdoor in the computer?
Did you install the OS yourself, or let Acme install it?
Hopefully a minimalist OS that "everybody" deemed to be clean. Okay to use.
If you let Acme install the OS, how do you know that Acme did not
install a hidden software backdoor?
If you installed the OS yourself, where did you get the files?
Did you create them all yourself, or use a distribution collection?
If you used a distribution collection, how do you know that your
distribution did not install a software backdoor in the OS during the
install process?
However, once its in the room, it
cannot communicate with the outside world, and gets utterly destroyed
after the encryption process. Turned into ashes.
That just means that it is no longer avaiable for inspection.
Hopefully it passed all inspection _before_ this total destruction event can occur.
But that
fact is of no help in determining if there was a backdoor somewhere
/during/ the encryption process.
So, is there a way to use a clean room, a clean computer and a clean medium to store the encrypted file? Assuming clean means clean... ;^o
Humm... Damn.
Damn again!
FOSS and backdoors in the US
Re: FOSS and backdoors in the US
