[liberationtech] DecryptoCat

Jens Christian Hillerup jens at hillerup.net
Thu Jul 4 03:18:26 PDT 2013


On Thu, Jul 4, 2013 at 11:36 AM, KheOps <kheops at ceops.eu> wrote:

> Just came across this:
> http://tobtu.com/decryptocat.php


Eep!

It seems like the saying "given enough eyeballs, all bugs are shallow" has
become obsolete, huh? Peer review is an integral part of developing secure
cryptography implementations, but unfortunately this fundamentally crashes
with the hacker mantra of "just do it". It's a shame that this project did
not get this kind of attention until after people started relying on
it---that could have saved a lot of people from a lot of shouting in any
case.

So what do we do about this? Opening the source code as an argument for
security no longer suffices. How can we raise money for rigid and
independent quality assurance of software that in this case is designed to
potentially save lives? And how can we make sure that this money flows
into the fund and out to the QAers on a regular basis?

I don't know, sadly, but I'd love to discuss it.

JC
