Date: Fri, 24 Dec 2010 08:05:28 -0500
From: Григорий Братислава <musntlive@...il.com>
To: coderman <coderman@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, mickey@...ifer.net
Subject: Re: how i stopped worrying and loved the backdoor

Hello full disclosure!!!

I'd like to warn you about many things but not bucketing. However is
you must read and not be troll for you is to understand this for your
own. musntlive cannot be all everyone's guide to common sense.

"A Provably Secure And Efficient Countermeasure Against Timing Attacks"
http://eprint.iacr.org/2009/089.pdf

"Vulnerability Bounds and Leakage Resilience of Blinded Cryptography
under Timing Attacks"
http://users.cis.fiu.edu/~smithg/papers/csf10.pdf

In is musntlive's interpretation is everyone miss OpenBSD big picturuski:

a1) Hiding in plain sight
a2) Developer Deception

Is musntlive establish (proven: this is not theory) that developers
lied all along. So while is many cry troll, musntlive laugh and think
of Cassandra.

b1) Is OpenBSD not audit anything otherwise this not happen
b2) For those trolls (Schmehl) who state: `Someone would have caught
it` - they is forget that crypto is highly specialized and is all a
part of the corruption machine, there is none to catch [is see Juvenal
quote who watching watchers]
b3) We is now privy to see how Theo via foreign financial accounts is
tied into this - he can disprove this is he like but he is likely stay
shut
b4) Theo is come clean not to show public `I come clean I not know`
but more is to say `is I come clean before is beans spilled, everyone
is believe me`

[Response a1] Is because crypto implementation very hard is difficult
for to someone to audit is code. In normal programming a simple
operator can is change the entire game. Is difference between < and is
say > is all one need. For this we is now take into account 'salami
attacks' (do not is say musntlive not warn you)

[Response a2] Is everyone forget KGII (key goal is indicators) of
everything. Money is talk (see b3) and when is everyone is on the same
ledger[payroll] and is give geek dream job of one being superspyman,
egos run stupid. Geeks is like Jason is stupid for to government say:
"Give is stupid nerd some Mountain Dew, mousepad, new laptop, he
ours!" versus old school "he is wants Ferrari, cash and ladies" (see
Mafiosi requirements for cash).

When money is motivator is one be surprised at what someone is capable
of is... is. Is everyone too stupid to remember this or do everyone is
believe no one is above corruption particularisly "FOSS" developers.
(I is pity you is you think this)

[Response b1] Is who will come clean when all is dirty on the
developer team. 3 people on code all on the same covert team and is
one head honchoruski (Theo see b3) is getting kickbacks in covert
accounts

[Response b2] For Paul Schmehl and other trolls I is like to introduce
you to is Cassandra Complex
http://en.wikipedia.org/wiki/Cassandra_(metaphor)

[Response b3] http://www.youtube.com/watch?v=bjZRAvsZf1g

[Response b4] Theo is not to be believed on this whole matter see
Cassandra Complex


Happy Merry Jolly and is Merry Happy New Year.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
