OSNews

Probably. If it's DES, 256-bit will still not be enough

yeah! 512bit DES! :p

Really ? I honestly didn't know about it...

Well, let's consider this as a draw You have double-posted Ballmer's speech, after all.

Edited 2011-05-25 19:40 UTC

Group hugs.

Everybody always alleges backdoors in major operating systems and other pieces of software, but nobody provides proof. I tend to believe that the likes of Windows and Solaris do not have backdoors built in, for four reasons:

1. Were it discovered by the public, it would seriously damage the reputation of the company making the software.

2. For the larger targets, they would be discovered by now. It's only a matter of time.

3. Again, I haven't seen evidence ever produced; only accusations and a general assumption that this is true.

4. A few years ago, the US Congress tried to mandate certain types of software and encryption algorithms be made with backdoors. The software industry successfully lobbied against these requirements. It is not in their interests to build holes into their operating systems and encryption algorithms.

As for OpenBSD, there were no backdoor discovered. It was only a former developer who made accusations against another former developer that he was paid to insert backdoors into the IP stack years ago. Further code review showed this to not be the case. Again, accusations without evidence.

EDIT: proofreading helps.

Edited 2011-05-25 17:08 UTC

5) ( for windows) Why require a backdoor, when the front door is wide open? Front door access, gives plausible deniability. No.. that wasn't the NSA/CIA/FBI/DIA, it was a hacker who wrote that virus that stole all your files and smashed your centrifuges.

Windows security is better than it was, but its not as if viruses are impossible now. Still a better idea for an intelligence agency.

Bill Shooter of Bul,

"5) ( for windows) Why require a backdoor, when the front door is wide open? Front door access, gives plausible deniability. No.. that wasn't the NSA/CIA/FBI/DIA, it was a hacker who wrote that virus that stole all your files and smashed your centrifuges."

I don't know why your post was downvoted...but an educated guess says it's likely that secret agencies (or even corporate spies) are using published and unpublished vulnerabilities. It's rather irrelevant that they're intentional or not.

If they really want the information, they can always plant a keylogger. Or mount a highres camera where they can record people logging in.

Or, if those are infeasible, recording the sounds of keystrokes by targeting windows with distant lasers is plausible (yet another vulnerability for owners of windows).

http://berkeley.edu/news/media/releases/2005/09/14_key.shtml

The source code for Windows is available to countries that want to analyse it and use it in high security environments. So since it's being used in countries other than US, I bet there is no backdoor.

Mmm... they won't know if what they see is... the source code of it... until they will be able to compile it, modify it, compile it again, test the resulting compiled system, etc.

I mean, I can say that I have the secret formula of the coca-cola, and give the recipe to a country. But until they follow the recipe and try the product... they won't know if the "recipe" was really true or not.

And what gives you the idea that the Russians, Chinese, Israelis and French didn't do it?

"And what gives you the idea that the Russians, Chinese, Israelis and French didn't do it?"

I don't know if they can or cannot compile it themselves, but I somewhat doubt microsoft would allow them that privilege.


The thing is, the notion that anyone having the source knows whether windows is secure seems a little implausible.

Vulnerabilities can creep up in innocent looking code. That would always offer plausible denyability.

When a security update comes in, countries in possession of the code could indeed locate the vulnerabilities in the source, but where is the evidence that it was accidental or deliberate? It's not like MS would label a backdoor as "NSAKey" or something.

They kind-of never had an option of not allowing something when bidding for government contracts.

I did not say "they didn't do it". You are talking like if I said that. I said that if someone says "hey, this is the source code of Windows for your country", you don't know if it's true if you are not able to compile it, modify it, compile it again, test the resulting compiled system, etc.

You said "The source code for Windows is available to countries". You don't know that, until you know that they are able to compile it, etc.

Edited 2011-05-28 10:40 UTC

No there wasn't.

Yes, there was: http://www.readwriteweb.com/enterprise/2010/12/did-the-fbi-build-ba...

No, there wasn't. There were accusations without any proof. Can you provide solid evidence for the existance of that backdoors (like, somenone who actually found them in the code)? Or, are you just one of the thousands of users that believe every gossip they read on the internet?

Edited 2011-05-25 18:01 UTC

No there wasn't. Seriously, a backdoor in open source code hidden in plain sight for years? I mean, not just a bug, a backdoor. Go ahead, the code is there, dig out the proof that no-one who has audited the code has found.

If you believe this stuff you might as well consider TMZ a reliable news source.