[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Tor users are not anonymous
> Truecrypt is a open source software therefore NSA doesn't have back
> door access to this particular software.
Without deterministic builds, and TrueCrypt isn't deterministically
build,  Open Source does not prevent backdoors, unless you compile
from source code. The ones who compiles, uploads and distribute the
binaries have the option to add a backdoor. Also the ones who may have
infected the build machine with a backdoor are in position to add a
backdoor without the distributor being aware of it.
And even in the source code you can add subtle backdoors. Source:
"The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will
protect you from using untrusted code. In demonstrating the
possibility of this kind of attack, I picked on the C compiler. I
could have picked on any program-handling program such as an
assembler, a loader, or even hardware microcode. As the level of
program gets lower, these bugs will be harder and harder to detect. A
well installed microcode bug will be almost impossible to detect."
 and without people scrutinizing it, checking that the binary has
been build from the exact same source code as claimed,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to