Re: Possible deadly flaw - compromised software
"For a closed source implementation (eq most Windows programs) there is a danger that a deliberately weakened random number generator is used."
The very same problem exists for FOSS-code, even assuming it has been thoroughly audited. Consult the search engine of your least mistrust about "Reflections on Trusting Trust". As for the countermeasure proposed by Wheeler I'm not sure about its practicality in real life, given the various nondeterministic bits of compiler output; in any case it is (A) a rather involved procedure and (B) it would miss trusting-trust-style attacks targeting other system binaries or those performed at the firm- or hardware level.
Biting the hand that feeds IT
