ChiefsPlanet - View Single Post

planetdoc · 05-29-2014, 04:11 PM

MD5 checksum is great to verify an already compiled executable. Its not as great for verifying code that you compile yourself, since that will vary depending on the hardware and software used to compile. That has been a longstanding problem with Truecrypt until recently (source doesnt perfectly match pre-compiled executable).

Those who argue that people should simply audit the source themselves to verify authenticity are either ignorant or being obtuse. Auditing Cryptographic software (and its implementation) is just too complex for a single user.

An example of this is the underhanded C contest whose point is to get malicous code past a rigorous inspection.

05-29-2014, 04:11 PM	#20
planetdoc Veteran Join Date: Apr 2012 Casino cash: $9995865	MD5 checksum is great to verify an already compiled executable. Its not as great for verifying code that you compile yourself, since that will vary depending on the hardware and software used to compile. That has been a longstanding problem with Truecrypt until recently (source doesnt perfectly match pre-compiled executable). Those who argue that people should simply audit the source themselves to verify authenticity are either ignorant or being obtuse. Auditing Cryptographic software (and its implementation) is just too complex for a single user. An example of this is the underhanded C contest whose point is to get malicous code past a rigorous inspection. Last edited by planetdoc; 05-29-2014 at 04:20 PM..
Posts: 2,174