Closed osos closed 10 years ago
Sources?
The article is he might have in mind is http://blog.cryptographyengineering.com/2013/09/on-nsa.html by Matthew Green who is a cryptographer and research professor at Johns Hopkins University. It's probably worth discussing, but it only questions OpenSSH and does not point to any particular critical failure or backdoor.
openssh is open source. i find it hard to believe a backdoor could be inserted w/o people seeing it.
I believe the point of the article I stated is that while OpenSSH is Open Source it is a huge base of code that very few people know the details of which can inadvertently have exploits present which are not known by Open Source reviewers. Again, I'm not saying it's insecure or has a backdoor in it. What I am saying is that it's something we need (obviously this is the very reason we WANT this open source!) to have people actually checking the integrity of the code.
NSA is listening to everything its said.
OpenSSL is by many expert mentioned to very likely have been hijacked by NSA or others with expertise to insert vulerabilities in the code.
Thus, it should be considered to find a different encryption provider.