[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor users are not anonymous

> Truecrypt is a open source software therefore NSA doesn't have back
> door access to this particular software.

Without deterministic builds, and TrueCrypt isn't deterministically
build, [1] Open Source does not prevent backdoors, unless you compile
from source code. The ones who compiles, uploads and distribute the
binaries have the option to add a backdoor. Also the ones who may have
infected the build machine with a backdoor are in position to add a
backdoor without the distributor being aware of it.

And even in the source code you can add subtle backdoors. Source:

"The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will
protect you from using untrusted code. In demonstrating the
possibility of this kind of attack, I picked on the C compiler. I
could have picked on any program-handling program such as an
assembler, a loader, or even hardware microcode. As the level of
program gets lower, these bugs will be harder and harder to detect. A
well installed microcode bug will be almost impossible to detect."

[1] and without people scrutinizing it, checking that the binary has
been build from the exact same source code as claimed,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to