[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL



> Message du 11/04/14 15:38
> De : "Cathal Garvey (Phone)" 

> It'd be hard to hide an insertion if the devs all dig into the hashes of commits of their own local repos and compare, right? Even a broken hash would require changing input, so they could go an extra step and verify each commit using another hash algo, if they were feeling super-paranoid.
> 
> I'm still on the fence: this is the kind of error C is infamous for after all.
> 

Right, it is highly unlikely but not impossible, maybe the devs have copies and are digging through it. Which also won't exclude that Segelmann's PC itself was hacked in and the code modified after he e-mailed someone about having his job concluded and was delivering the goods.

Considering that the tinfoilers were right all along during an entire decade, I'm also on the fence with this.