Whose crypto are you going to trust? Do you really have time to analyze each product that you use for weaknesses or backdoors?
@kevinmitnick open source software with what @bcrypt calls “software transparency” i.e. reproducible builds
@bascule @kevinmitnick alas, very uncommon. i think i trust tiny C libraries based on NaCl that i compiled from source.
@bcrypt @bascule @kevinmitnick and the world around you is going towards embedded and mobile appliances and networked things.
@tangenteroja @bcrypt @kevinmitnick open source mobile apps need reproducible builds too
@bascule @bcrypt @kevinmitnick Don't disagree but are they built on trustworthy platforms with no backdoors?
@tangenteroja @bcrypt @kevinmitnick if you can reproduce the build artifact, the build platform is irrelevant: it's still the same artifact
@bascule @bcrypt @kevinmitnick No, I meant can you trust the execution platform? The code and bin could be perfect, the mobile handset not
@tangenteroja @bcrypt @kevinmitnick endpoint security and evil maid attacks are orthogonal to trusting a given build of a tool