Linked by Thom Holwerda on Sat 4th Mar 2006 17:27 UTC, submitted by Tyr.
A Microsoft developer and cryptographer responded in his blog to a news story by the BBC about the problems strong encryption built into Vista might cause for law enforcement. "Over my dead body," he said, regarding the possibility of including a law-enforced backdoor in Vista.
Thread beginning with comment 101422
RE[3]: Lame
by Deviate_X on Sun 5th Mar 2006 01:27 UTC in reply to "RE[2]: Lame"
Deviate_X Member since:
2005-07-11

rtfa: "They're not allowed to compile to check so the code is unverifiable making it a nonsense that they can truly check for backdoors or whatever they wish to check for."

The ability to compile/or not compile source code is not as important as is the ability to understand code and intentions. And by code I mean high-level (C/C++) and low-level languages (Assembly) - Machine Code.

Therefore anyone examining the source code would have to have deep understanding of assembler - actually it would be a prerequisite given that significant parts of Windows are written in assembly.

To such a person, talented enough, the high-level language code is just good reference material - as a matter of fact anyone with a debugger and time can walk through the assembly code and figure out what's going on now

Reply Parent Score: 1

RE[4]: Lame
by DigitalAxis on Sun 5th Mar 2006 02:20 in reply to "RE[3]: Lame"
DigitalAxis Member since:
2005-08-28

Being able to compile the code IS important, though... if you can't compile the code yourself, how do you know the code you've been given is actually the code used to produce the binary you were given? I mean, outside of an ability to spot inconsistencies between the code and the binary itself...

Reply Parent Score: 1

RE[5]: Lame
by 30-day-trial on Sun 5th Mar 2006 02:38 in reply to "RE[4]: Lame"
30-day-trial Member since:
2006-03-04

http://www.microsoft.com/resources/sharedsource/Licensing/OEM.mspx : The OEM shared source license states: "Licensees may modify, assemble, compile or link the source code and execute the resulting derivative binary code on a temporary basis to assist in debugging its hardware for the Microsoft Windows operating system"

Reply Parent Score: 1

RE[4]: Lame
by rayiner on Sun 5th Mar 2006 07:19 in reply to "RE[3]: Lame"
rayiner Member since:
2005-07-06

1) The ability to compile the code (with a trusted compiler) is a requirement for being able to verify that the binaries you deploy match byte for byte the code produced by compiling the audited source code. It's the only way of assuring that the source code you have is actually the exact source to the binaries you have.

2) Actually, most of Windows NT is written in C, not assembler, including the "significant" portions. While the various NT ports have been eliminated over time, the code itself is still easily portable, as evidenced by the various NT versions that used to run on Alpha, MIPS, etc, and the fact that the PowerPC-based XBox360 runs a version of Windows NT as well.

Reply Parent Score: 2
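
Added example, not part of any comment in this thread: the byte-for-byte check described in the comment above, written in Python. It hashes a deployed image and a rebuild and lists every byte range that differs, so each difference can be inspected rather than reduced to "the hashes don't match". The function names and the sample bytes are constructed for illustration.

```python
import hashlib


def diff_ranges(a: bytes, b: bytes):
    """Return half-open (start, end) ranges where the two images differ."""
    ranges, start = [], None
    common = min(len(a), len(b))
    for i in range(common):
        if a[i] != b[i]:
            if start is None:
                start = i          # a differing run begins here
        elif start is not None:
            ranges.append((start, i))
            start = None
    end = max(len(a), len(b))
    if start is None and end > common:
        start = common             # extra bytes present in only one image
    if start is not None:
        ranges.append((start, end))
    return ranges


def verify_rebuild(deployed: bytes, rebuilt: bytes):
    """Compare a deployed binary with one rebuilt from the audited source."""
    ranges = diff_ranges(deployed, rebuilt)
    return {
        "deployed_sha256": hashlib.sha256(deployed).hexdigest(),
        "rebuilt_sha256": hashlib.sha256(rebuilt).hexdigest(),
        "match": not ranges,
        "ranges": ranges,
    }


if __name__ == "__main__":
    # Constructed sample: a 256-byte "rebuild" and a "deployed" copy that
    # has four bytes changed and two bytes appended.
    rebuilt = bytes(range(64)) * 4
    deployed = bytearray(rebuilt)
    deployed[8:12] = b"\xde\xad\xbe\xef"
    deployed += b"\x90\x90"
    report = verify_rebuild(bytes(deployed), rebuilt)
    print("match:", report["match"])
    for start, end in report["ranges"]:
        print(f"differs at 0x{start:x}-0x{end:x} ({end - start} bytes)")
```
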

RE[5]: Lame
by Deviate_X on Sun 5th Mar 2006 09:49 in reply to "RE[4]: Lame"
Deviate_X Member since:
2005-07-11

rayiner: "The ability to compile the code (with a trusted compiler) is a requirement for being able to verify that the binaries you deploy match byte for byte the code produced by compiling"

(1) Rayiner, you obviously don't understand what you are talking about - two different compilers will invariably produce two different binaries - this is because different compilers use different compilation strategies - this is obvious to any software developer.

If you then use the same compiler(s) as Microsoft how will you know that the compiler hasn't inserted bad code?

If both use GCC, then you won't be comparing against the original binary.

If you use GCC, your binaries will be different because the compilers are different and how do you know the compiler didn't insert bad code anyway?

The GNU project servers were compromised for 4 months undetected.

http://uk.builder.com/manage/work/0,39026594,20277728,00.htm

Truly the only way to verify a binary is to decompile and debug.

(2) Quote: "The kernel code is written primarily in C, with assembly code reserved for those tasks that require the fastest possible code or that rely heavily on the capabilities of the processor" - Inside NT Kernel Architecture

Edited 2006-03-05 09:54

Reply Parent Score: 2