[tor-talk] Tor users are not anonymous
adrelanos
adrelanos at riseup.net
Sat Sep 7 01:31:37 UTC 2013
shadowOps07:
> Truecrypt is a open source software therefore NSA doesn't have back
> door access to this particular software.
Without deterministic builds, and TrueCrypt isn't deterministically
build, [1] Open Source does not prevent backdoors, unless you compile
from source code. The ones who compiles, uploads and distribute the
binaries have the option to add a backdoor. Also the ones who may have
infected the build machine with a backdoor are in position to add a
backdoor without the distributor being aware of it.
And even in the source code you can add subtle backdoors. Source:
http://cm.bell-labs.com/who/ken/trust.html
"The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will
protect you from using untrusted code. In demonstrating the
possibility of this kind of attack, I picked on the C compiler. I
could have picked on any program-handling program such as an
assembler, a loader, or even hardware microcode. As the level of
program gets lower, these bugs will be harder and harder to detect. A
well installed microcode bug will be almost impossible to detect."
[1] and without people scrutinizing it, checking that the binary has
been build from the exact same source code as claimed,
More information about the tor-talk
mailing list