[geekcrypt] Re: Back door competition

  • From: Frank Rehberger <frehberg@xxxxxxxxx>
  • To: geekcrypt@xxxxxxxxxxxxx
  • Date: Tue, 10 Jun 2014 00:22:19 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Bill,

I agree that we need a review process by the team before any code is
merged into the main line.

I don't have experience with this kind of back door competition. Do you
know any other project performing a kind of back door competition and
could we re-use their process or tools?

Kind regards,
frehberg


On 06.06.2014 06:36, Bill Cox wrote:
> I really am paranoid.  As another poster said, "My paranoia goes to 11."  We
> may already have an NSA plant on this list.  How can we succeed while
> working with an NSA plant?  If he's good, he may create really difficult to
> detect back doors, and even if we find them, they will look like innocent
> mistakes.  Is there any defense?  The only way I can think of is
> diligent code review.  How can we tell if we're doing a good job?
>
> I think it might be a lot of fun to see which of us can succeed in
> inserting a back door without the others noticing.  Every week each
> developer (core developer?) would publish a warrant canary containing an
> encrypted code snippet, as well as the key to the prior week's code
> snippet.  The code snippets would either say "No back doors were
> inserted this week", or show exactly where the back door is with an
> explanation.
>
> Any time one of us finds a back door, we should raise the alarm.  The
> person responsible for the back door should then reveal the decryption
> key, proving to us that he had planned to reveal it next week anyway.
>
> Whenever one of us gets away with an undetected back door, the next
> week everyone would know about it (and obviously remove it).  We could
> call that "winning", and having our back door detected "losing", and even
> keep tallies of wins and losses.
>
> Anyway, it's just a thought.  It's a sort of QA for crypto.
>
> Bill

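The weekly canary scheme Bill sketches in the quoted message is a commit-and-reveal protocol: a sealed statement goes out each week, and its key follows a week later (or immediately, if reviewers raise the alarm). The example below is an added illustration written for this thread, not code from the list or any project. It assumes a statement format of either `NONE` or `BACKDOOR: <location>`, a per-week random master key held by the developer, and a stdlib-only encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC tag) standing in for a real AEAD cipher; the location string in the usage is a constructed placeholder.

```python
"""Weekly commit-and-reveal canary for a back door review game (added example).

Each week a developer publishes a sealed statement and the key to the
previous week's statement.  Once a key is public, anyone can open the old
canary, confirm the tag (so the statement could not have been rewritten
after publication), and apply the win/loss tally from the thread.
Encryption is an HMAC-SHA256 keystream with encrypt-then-MAC; a real
deployment would use an AEAD such as AES-GCM.  Python stdlib only.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def _derive(master: bytes, label: bytes) -> bytes:
    """Derive an independent sub-key (enc or mac) from the weekly master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; an (enc_key, nonce) pair must never be reused."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


@dataclass(frozen=True)
class Canary:
    week: int
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def new_master_key() -> bytes:
    """Fresh 32-byte master key; the developer keeps it secret for one week."""
    return secrets.token_bytes(32)


def seal(week: int, statement: str, master_key: bytes) -> Canary:
    """Encrypt-then-MAC the statement; the tag binds week number, nonce and ciphertext."""
    enc_key, mac_key = _derive(master_key, b"enc"), _derive(master_key, b"mac")
    nonce = secrets.token_bytes(16)
    plaintext = statement.encode()
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, week.to_bytes(4, "big") + nonce + ciphertext,
                   hashlib.sha256).digest()
    return Canary(week, nonce, ciphertext, tag)


def open_canary(canary: Canary, master_key: bytes) -> Optional[str]:
    """Return the statement if the revealed key authenticates the canary, else None."""
    enc_key, mac_key = _derive(master_key, b"enc"), _derive(master_key, b"mac")
    expected = hmac.new(mac_key, canary.week.to_bytes(4, "big") + canary.nonce
                        + canary.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, canary.tag):
        return None  # wrong key, or the canary was altered after publication
    stream = _keystream(enc_key, canary.nonce, len(canary.ciphertext))
    return bytes(c ^ k for c, k in zip(canary.ciphertext, stream)).decode()


def score(statement: str, reviewers_raised_alarm: bool) -> str:
    """Apply the thread's tally rule to an opened statement."""
    planted = statement.startswith("BACKDOOR:")
    if planted and not reviewers_raised_alarm:
        return "win"          # back door survived a week of review
    if planted:
        return "loss"         # reviewers caught it
    if reviewers_raised_alarm:
        return "false alarm"  # reviewers flagged an honest mistake
    return "clean"


if __name__ == "__main__":
    # Week 1: developer seals a statement and withholds the key.
    k1 = new_master_key()
    c1 = seal(1, "BACKDOOR: <constructed placeholder location>", k1)
    # Week 2: key k1 is published alongside the new canary; reviewers open week 1.
    opened = open_canary(c1, k1)
    print(opened, "->", score(opened, reviewers_raised_alarm=False))
    # A wrong key (or a tampered canary) fails authentication instead of decrypting garbage.
    print(open_canary(c1, new_master_key()))
```

The tag is what turns this into a commitment rather than mere secrecy: when the alarm is raised and the developer reveals the key early, a valid tag shows the statement was fixed at publication time, which is exactly the proof Bill asks for.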

