Operating Systems Encryption Open Source Privacy Your Rights Online

Jacob Appelbaum on How OSS Improves Cryptography 35

destinyland writes "Jacob Appelbaum, the Tor Project's main advocate, argues that Open Source software is necessary 'to both verify and improve' available cryptography. (Adding 'We also need that to ensure that everyone has a reasonable baseline — which is part of the cypherpunk ethos.') In this new interview, he's critical of a general public silence over government encroachments on privacy, but points to the current impact of the Tor network now as something that 'runs, is open and is supported by a large community spread across all walks of life.' And he ultimately identifies Tor as 'part of an ecosystem of software that helps people regain and reclaim their autonomy,' saying the distributed anonymous network 'helps to enable people to have agency of all kinds; it helps others to help each other and it helps you to help yourself.'"

  • by elucido ( 870205 ) on Thursday March 14, 2013 @06:39PM (#43177019)

    If the source and implementation are closed it could be backdoored from the kernel to the compiler to the random number generator to the crypto algorithm implementation.

    Here is a problem though: since Windows is closed source, what good is Tor or crypto in that environment? If you have to use crypto for any reason other than to protect your passwords then it's probably at risk whether you use open source or not. Just one bug or backdoor allowing a RAT to interface with your computer and gain root/superuser or anything like that and all your keys are compromised. Key generation would have to be done in hardware. Entropy is also an issue you probably won't easily solve. There is a very long way to go before any crypto implementation will be secure and mainstream. Linux has not changed that game because you install one wrong piece of software and you've got a backdoor and it could be disguised as a legit piece of software. Since not every piece of software run on Linux is open source you don't know for a fact.

  • by sqlrob ( 173498 ) on Thursday March 14, 2013 @06:52PM (#43177119)
  • by DMUTPeregrine ( 612791 ) on Thursday March 14, 2013 @08:24PM (#43177931) Journal
    No one is saying that being open source makes your software invulnerable, just that it makes exploitation harder. Being open source is necessary but not sufficient for a software package to be considered secure. In this context open source can simply mean that the source is available to the customers and their auditors only, not the whole world.
