
Without public availability of the source code and an auditable trail from source to build, there is really no way to trust it.

This is where I feel you might be a little bit dogmatic.

You don't need the source code to audit software. Software that is heavily used is audited.

Microsoft software is probably more scrutinized than any other open source one (I'm not implying it's more secure, just that it's more analyzed).

Security is a question of trust, not a question of source code. Even if you do the audit yourself, it's a question of trust: it means you trust your own abilities to evaluate the security.

I'll go a little bit further.

Did you check that the computer you bought isn't rigged? Maybe someone can remotely control your webcam or eavesdrop on your keyboard.

Did you check that the operating system you have hasn't been compromised? Maybe someone intercepted your download and patched it on the fly to insert a backdoor.

Is your home physically secure? Maybe someone is copying your hard disk every day.

You're right when you say Silent Circle should be scrutinized and criticized.

Nevertheless, I disagree when you imply that the unavailability of its source code is a show stopper. Source code only makes one small part of the security audit a little bit easier.

Security is a process, not a feature.

BS! Crypto software has to be open source to be taken seriously - all the other things you write about are additional factors that count in and are not related to this one argument, so you are trying to wishy-washy the discussion - it only shows that you think your readers are not able to think clearly and in a well-structured way, or you are not able to do it.

Without source code no crypto routines can be trusted - period. Anything else might work in the fake industries, where producing marketing lies is part of a standardized way to make money, but not in the real crypto world.


Your opinion only makes sense if you think P(your analysis of the source code is correct) > P(you can trust person X) * P(person X's analysis of the source code is correct).

Actually the right hand side is much more difficult to defeat because it involves more than one person.


It is impossible to achieve trust in a tool, if process and function is kept intentionally hidden away, and your life is in the balance.

Knowing that medicine is openly reviewable creates a trust level that secret sauce never can achieve.

Knowing that airplane/train/building architect plans are openly accessible creates a trust level that secret sauce never can achieve.

Scrutinized security can sometimes help, but, again, would you trust secret sauce medicine just because 100 000 other people have done so and, to your knowledge, no one died?

Unavailability of source code is a show stopper if you need to bet your life on the chance that it will perform correctly. Everything else is blind faith, and while it's true that some people will accept blind faith over "real trustworthiness", those same people also form sects who refuse medicine and trust that a miracle will magically wand cancer away.

Security might be a process, but it requires a process that gives the person on the receiving end a means to assess trust. Secret sauce is inherently unable to do so. Historical information (like the Windows example) helps, but in the end, it is just a black box with oil in it that says "made from snakes - cures everything". So far, it has in some cases worked, and in others not, and several times the sauce has been announced as "improved" with new versions. Still, would you prefer to bet your life on it, or on an openly disclosed medicine which might actually have been reviewed by a third party? Which one is more trustworthy?


Microsoft actually operates a shared-source scheme.

So, yes, Windows does have its source code audited by customers who are willing to pay the price.

EDIT: Grammar


Are those customers free to report security bugs, or are they forbidden by EULAs and NDAs?


I don't know the details, but I imagine they will need to be private reports.


The idea is about taking it to "trusted-by-me", rather than relying on "industry-trusted" or "trusted-by-someone-else" sources for analysis and verification.

That doesn't mean that the "trusted-by-me" source has the means or the ability to give it the OK, but more that I don't have to trust you at all.

Security can only be guaranteed by the people you trust, rather than the people everyone else trusts.
