lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CFB1EC34.28B4D%gbromage@appneta.com> Date: Mon, 2 Jun 2014 16:02:19 +0000 From: Greg Bromage <gbromage@...neta.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point On Fri, 30 May 2014 15:00:39 -0500, Brandon Perry <bperry.volatile@...il.com> wrote: >2) Do you trust these users to understand the codebase thoroughly enough >and understand cryptography enough to not introduce stupid crypto bugs? >That is a huge caveat. It is - but it¹s also the risk you run with any open source crypto, or kernel, or anything else. Plus anyone, no matter how familiar you are with a codebase, can introduce stupid bugs. I speak from personal experience. :) My guess would be that, after the audit is complete, a lot of people (myself, and those a lot smarter than I am about crypto) will be keeping a close eye on the diffs. Cheers, Greg _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists