Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks? 472
New submitter deepdive writes "I have a basic question: What is the privacy/security health of the Linux kernel (and indeed other FOSS OSes) given all the recent stories about the NSA going in and deliberately subverting various parts of the privacy/security sub-systems? Basically, can one still sleep soundly thinking that the most recent latest/greatest Ubuntu/OpenSUSE/what-have-you distro she/he downloaded is still pretty safe?"
No. (Score:4, Funny)
I think there's even a law for this kind of reply...
Re:Linux and RdRand (Score:5, Funny)
Re:AES (Score:5, Funny)
if the whole world goes for one cipher, then nsa can concentrate on creating and improving a single ASIC design for breaking it. we should be using hundreds of different algorithms. then they'd have to design hundreds of types of ASICs, build 100x more datacentres, increase taxation in USofA to 10x what it is now, yanks would rebel and overthrow that government and then there would be no more evil NSA. simples
Re:Not much worry with a source build (Score:3, Funny)
Or at least, they will have in ten years when the OpenBSD codebase catches up.
Re:AES (Score:5, Funny)
Pick a government. If you trust the Russians use GOST. If you trust the Japanese use CAMILLA.
Then use all three of them in sequence and hope it would be quite difficult to have them all cooperate to break your encryption.
Re:Not much worry with a source build (Score:5, Funny)
Re:Ken Thompson, Anyone? (Score:5, Funny)
If your prescription for fixing the issues of low security is to trust the Russian (nee Soviet) Government, I'm pretty sure you're doing it wrong.