Open Source and information security mailing list archives
 
Date: Thu, 16 Dec 2010 16:04:27 -0500
From: musnt live <musntlive@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Why OpenBSD is can be backdoored and no one is
	see comeing

>>>>>>>>>> Schmehl is say
> There are several problems with this story that seem to have been
> overlooked.
>
> First, if someone was able to alter the crypto source code 10 years ago,
> you have to assume that in the following 10 years not one person reviewing
> or editing that code would have noticed a thing.  So, the person who did
> the altering has to be smarter than every other crypto guy who worked on
> the code.  Smart enough that nobody would even notice what he did and smart
> enough that nothing would be noticed operationally.  Not one entity, with
> all the security personnel those entities employed, would have ever noticed
> or even inadvertently stumbled across any traffic going to an unexpected
> place.
>>>>>>>>>>

Schmehl is cuckoo. Is truth be is that, is someone in US government is
make crypto beforehand and is give to the accused, backdoor is
pre-programmed and is could be created by is same people who is create
Magic Lantern, DCS1000, etc., is could include NSA.

>>>>>>>>>>
> Second, no one editing the crypto code after the alteration would have ever
> made a single change to the code that would affect the alteration in an
> adverse way, either rendering it inoperable or causing it to generate
> traffic that would be unexpected and noticed by watchful eyes.
>>>>>>>>>>

Schmehl is smelly. Is not know about covert ICMP fragments that is can
be reassembled. Is data parsed out of encryption, data too can be
inserted into ICMP covert tunnel in fragment to say Google and is
sniffer can see traffic. Person watching see ICMP to Google and say
"all is goodski"

>>>>>>>>>>
> Now we're talking a genius on the level of Einstein, at least.  Of all the
> code in use, crypto is probably the most scrutinized and is scrutinized by
> the smartest guys.  All of whom were apparently too dumb to notice
> *anything* unusual in the code at all, if this story is to be believed.
> And he was able to alter it in a way that made it completely resistant to
> any future changes in the code.
>>>>>>>>>>

Is you overlook is fact, coders at NSA could give someone pre-programmed code

>>>>>>>>>>
> Finally, the guy who sent Theo the email obviously lied, or else there's a
> third Scott Lowe that hasn't yet been unearthed.
>>>>>>>>>>

Is how you know he lie? You is speculate

>>>>>>>>>>
> It's impossible to prove a negative.  So, if you want to hurt or get back
> at Theo for some reason, the easiest way to do it is claim there's a
> supersekrit backdoor in the code that no one has noticed for ten years.
> Now Theo gets to go on a wild goose chase that has no resolution, because
> you cannot prove there is no backdoor.  The best you can do is claim to
> have thoroughly audited the code and not found one.
>>>>>>>>>>

Terrorist demand US soldiers go home
Liberals demand US soldiers go home

Is Liberal terrorist?

Men still have to be governed by deception. Georg C. Lichtenberg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
