Who's crypto are you going to trust? Do you really have time to analyze each product that you use for weaknesses or backdoors?
-
-
Replying to @kevinmitnick
@kevinmitnick open source software with what@bcrypt calls “software transparency” i.e. reproducible builds1 reply 0 retweets 1 like -
Replying to @bascule
@bascule@kevinmitnick alas, very uncommon. i think i trust tiny C libraries based on NaCl that i compiled from source.1 reply 0 retweets 1 like -
Replying to @bcrypt
.
@bcrypt@bascule@kevinmitnick and the world around you is going towards embedded and mobile appliances and networked things.1 reply 0 retweets 0 likes -
Replying to @tangenteroja
@tangenteroja@bcrypt@kevinmitnick open source mobile apps need reproducible builds too1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@bcrypt@kevinmitnick Don't disagree but are they built on trustworthy platforms with no backdoors?1 reply 0 retweets 0 likes -
Replying to @tangenteroja
@tangenteroja@bcrypt@kevinmitnick if you can reproduce the build artifact, the build platform is irrelevant: it's still the same artifact1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@bcrypt@kevinmitnick No, I meant can you trust the execution platform? The code and bin could be perfect, the mobile handset not2 replies 1 retweet 0 likes
@tangenteroja @bcrypt @kevinmitnick endpoint security and evil maid attacks are orthogonal to trusting a given build of a tool
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.