[liberationtech] DNSSEC to the rescue. Was: Snakeoil and suspicious encryption services
Tony Arcieri
bascule at gmail.com
Tue Jul 22 17:20:33 PDT 2014
On Tue, Jul 22, 2014 at 4:38 PM, Aymeric Vitte <vitteaymeric at gmail.com> wrote:

> And checking what is doing a 400 kB js code is trivial for any serious js
> dev

This assertion is completely ludicrous, especially when you're talking
about trying to find a potentially stealthy malicious payload in 400kB of
code. JavaScript benefits confusers and enables all sorts of obfuscation
techniques which can't be easily undone through simple static analysis.
Asking every user to verify the integrity of 400kB of JavaScript code by
manual review and searching for backdoors is a complete nonstarter when it
comes to practical solutions to detecting compromise.

TweetNaCl, by comparison, fits in 100 tweets.

--
Tony Arcieri