[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"a skilled backdoor-writer can defeat skilled auditors"?



Hi there,

in a different thread, Cam posted a link containing this gem:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

In short several very skilled security auditors examined a small Python 
program â?? about 100 lines of code â?? into which three bugs had been inserted by 
the authors. There was an â??easy,â?? â??medium,â?? and â??hardâ?? backdoor. There were 
three or four teams of auditors.

1. One auditor found the â??easyâ?? and the â??mediumâ?? ones in about 70 minutes, and 
then spent the rest of the day failing to find any other bugs.

2. One team of two auditors found the â??easyâ?? bug in about five hours, and 
spent the rest of the day failing to find any other bugs.

3. One auditor found the â??easyâ?? bug in about four hours, and then stopped.

4. One auditor either found no bugs or else was on a team with the third 
auditor â?? the report is unclear.

See Chapter 7 of Yeeâ??s report for these details.

I should emphasize that that I personally consider these people to be 
extremely skilled. One possible conclusion that could be drawn from this 
experience is that a skilled backdoor-writer can defeat skilled auditors. This 
hypothesis holds that only accidental bugs can be reliably detected by 
auditors, not deliberately hidden bugs.

Anyway, as far as I understand the bugs you folks left in were accidental bugs 
that you then deliberately didnâ??t-fix, rather than bugs that you intentionally 
made hard-to-spot.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://blog.spideroak.com/20140220090004-responsibly-bringing-new-cryptography-product-market#footnote1

I have no problem believing it is thus, but can't help wondering if there are 
any ways to mitigate it.

-- 
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140604/6d02572f/attachment.sig>