A Microsoft developer and cryptographer responded in his blog to a news story by the BBC about the problems strong encryption built into Vista might cause for law enforcement. "Over my dead body," he said, regarding the possibilty of including a law-enforced backdoor in Vista.
To read all comments associated with this story, please click here.
Member since:2005-07-11
rtfa: "They're not allowed to compile to check so the code is unverifiable making it a nonsense that they can truely check for backdoors or whatever they wish to check for."
The ability to compile/or not compile source code is not as important as is the ability understand code and intentions. And by code I mean high-level (C/C++) and low-level languages (Assembly) - Machine Code.
Therefore anyone examining the source code would have to have deep understanding of assembler – actually it would be a prerequisite given those significant parts of windows is written in assembly.
To such a person, talented enough, the high-level language code is just good reference material - as a matter of fact anyone with a debugger and time can walk through the assembly code and figure out whats going on now
Member since:2005-08-28
Being able to compile the code IS important, though... if you can't compile the code yourself, how do you know the code you've been given is actually the code used to produce the binary you were given? I mean, outside of an ability to spot inconsistencies between the code and the binary itself...
Member since:2005-07-06
1) The ability to compile the code (with a trusted compiler) is a requirement for being able to verify that the binaries you deploy match byte for byte the code produced by compiling the audited source code. It's the only way of assuring that the source code you have is actually the exact source to the binaries you have.
2) Actually, most of Windows NT is written in C, not assembler, including the "significant" portions. While the various NT ports have been eliminated over time, the code itself is still easily portable, as evidenced by the various NT versions that used to run on Alpha, MIPS, etc, and the fact that the PowerPC-based XBox360 runs a version of Windows NT as well.
Member since:
2006-02-27
"Actually an very large number of people have access to the windows source code. "
They may have access to source code, but do they have access to the source that matches the binaries that make up the OS they are using? They're not allowed to compile to check so the code is unverifiable making it a nonsense that they can truely check for backdoors or whatever they wish to check for.