Linked by Thom Holwerda on Sat 4th Mar 2006 17:27 UTC, submitted by Tyr.
A Microsoft developer and cryptographer responded in his blog to a news story by the BBC about the problems strong encryption built into Vista might cause for law enforcement. "Over my dead body," he said, regarding the possibility of including a law-enforced backdoor in Vista.
Thread beginning with comment 101488
RE[5]: Lame
by Deviate_X on Sun 5th Mar 2006 09:49 UTC in reply to "RE[4]: Lame"
Deviate_X
Member since:
2005-07-11

rayiner: "The ability to compile the code (with a trusted compiler) is a requirement for being able to verify that the binaries you deploy match byte for byte the code produced by compiling"

(1) Rayiner you obviously don't understand what you are talking about - two different compilers will invariably produce two different binaries - this is because different compilers use different compilation strategies - this is obvious to any software developer.

If you then use the same compiler(s) as Microsoft, how will you know that the compiler hasn't inserted bad code?

If both use GCC, then you won't be comparing against the original binary.

If you use GCC, your binaries will be different because the compilers are different, and how do you know the compiler didn't insert bad code anyway?

The GNU project servers were compromised for 4 months undetected.

http://uk.builder.com/manage/work/0,39026594,20277728,00.htm

Truly the only way to verify a binary is to decompile and debug.

(2) Quote: "The kernel code is written primarily in C, with assembly code reserved for those tasks that require the fastest possible code or that rely heavily on the capabilities of the processor" - Inside NT Kernel Architecture

Edited 2006-03-05 09:54

Reply Parent Score: 2

RE[6]: Lame
by netpython on Sun 5th Mar 2006 10:10 in reply to "RE[5]: Lame"
netpython
Member since:
2005-07-06

Or the compiler itself is trojaned.

Reply Parent Score: 1

RE[6]: Lame
by rayiner on Sun 5th Mar 2006 10:39 in reply to "RE[5]: Lame"
rayiner
Member since:
2005-07-06

The assumption is, of course, that the compiler itself is trusted. Otherwise, verifying the OS makes no sense --- an untrustworthy compiler could still compile applications with back doors.

Now, decompiling will allow you to verify a binary you haven't compiled yourself, but looking for security flaws in decompiled code is substantially harder than doing it in compiled code.

The implications of these facts, of course, are the following:

1) You cannot truly trust a binary you have not compiled yourself;
2) Programs with large code bases are hard to verify and thus bad for security.

Of course, these points reiterate the obvious --- small, simple programs with open source code are the most trustworthy programs...

Reply Parent Score: 1
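The "byte for byte" check rayiner describes, and the caveat Deviate_X and netpython raise, as an added example that is not part of the thread: a small Python verifier that hashes a deployed binary and a locally rebuilt one, and on mismatch reports the first differing offsets. The demo uses constructed stand-in byte strings rather than real compiler output; the comments note where the check is only meaningful (same toolchain and flags) and what it cannot catch (a trojaned compiler).

```python
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def differing_offsets(a: bytes, b: bytes, limit: int = 16) -> list:
    """Offsets where the two byte strings differ; a length mismatch counts as one
    difference at the end of the shorter input. At most `limit` offsets are returned."""
    offs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(a) != len(b):
        offs.append(min(len(a), len(b)))
    return offs[:limit]


def verify_build(deployed: str, rebuilt: str) -> dict:
    """Compare the deployed binary byte for byte against one rebuilt from source.
    A match is only expected when the rebuild used the same compiler, version and
    flags as the vendor: a different compiler yields a different binary from the
    same source. The check assumes the compiler is trusted; a trojaned compiler
    that inserts the same bad code into both builds passes it unnoticed."""
    report = {"deployed_sha256": sha256_of(deployed), "rebuilt_sha256": sha256_of(rebuilt)}
    report["match"] = report["deployed_sha256"] == report["rebuilt_sha256"]
    if not report["match"]:
        with open(deployed, "rb") as f, open(rebuilt, "rb") as g:
            offs = differing_offsets(f.read(), g.read())
        report["first_diff_offset"] = offs[0]
        report["diff_offsets"] = offs
    return report


def demo() -> tuple:
    """Constructed stand-in 'binaries' (no real compiler involved): an identical
    rebuild, and a rebuild that differs in one byte and in length, as a mismatched
    toolchain would. Returns the two verify_build reports."""
    vendor = b"\x7fELF" + bytes(range(60))          # 64 constructed bytes
    other = bytearray(vendor)
    other[8] ^= 0xFF                                   # one byte changed at offset 8
    other = bytes(other) + b"\x00"                     # one byte longer -> diff at 64
    d = tempfile.mkdtemp()
    paths = {}
    for name, data in (("vendor", vendor), ("same", vendor), ("other", other)):
        paths[name] = os.path.join(d, name + ".bin")
        with open(paths[name], "wb") as f:
            f.write(data)
    return verify_build(paths["vendor"], paths["same"]), verify_build(paths["vendor"], paths["other"])
```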