Jacob Appelbaum on How OSS Improves Cryptography 35
destinyland writes "Jacob Appelbaum, the Tor Project's main advocate, argues that Open Source software is necessary 'to both verify and improve' available cryptography. (Adding 'We also need that to ensure that everyone has a reasonable baseline — which is part of the cypherpunk ethos.') In this new interview, he's critical of a general public silence over government encroachments on privacy, but points to the current impact of the Tor network now as something that 'runs, is open and is supported by a large community spread across all walks of life.' And he ultimately identifies Tor as 'part of an ecosystem of software that helps people regain and reclaim their autonomy,' saying the distributed anonymous network 'helps to enable people to have agency of all kinds; it helps others to help each other and it helps you to help yourself.'"
This is obvious to anyone who has studied crypto (Score:5, Informative)
If the source and implementation is closed it could be backdoored from the kernel to the compiler to the random number generator to the crypto algorithm implementation.
Here is a problem though, since Windows is closed source what good is Tor or crypto in that environment? If you have to use crypto for any reason other than to protect your passwords then its probably at risk whether you use open source or not. Just one bug or backdoor allowing a RAT to interface with your computer and gain root/superuser or anything like that and all your keys are compromised. Key generation would have to be done in hardware. Entropy is also an issue you probably wont easily solve. There is a very long way to go before any crypto implementation will be secure and mainstream. Linux has not changed that game because you install one wrong piece of software and you've got a backdoor and it could be disguised as a legit piece of software. Since not every piece of software run on Linux is open source you don't know for a fact.
Re:This is obvious to anyone who has studied crypt (Score:4, Informative)
Even OSS can be vulnerable [bell-labs.com]
Re:This is obvious to anyone who has studied crypt (Score:4, Informative)