Tuesday 13 December 2011

Open source security software is better

Sometimes law enforcement groups will request that security software such as encryption tools be built with back doors that enable them to bypass the security with some kind of master password. Most people assume that this means everything mostly remains secure, but when necessary the police can bypass the security and catch the bad guys. The actual objection is that it means building secret and deliberate weaknesses into the software, and that this vulnerability will eventually be exploited by the wrong people - the very criminals the police intend to catch with it.

Truly secure software is secure against every attempt to bypass it, because you can't know whether the attempt is legitimate or not. That's why good encryption software like TrueCrypt is distributed as open source. Anyone can look at the source and anyone can build it. The FBI couldn't crack it when they had to, because there is no back door, and anyone with the right know-how can verify that it has no back door.

Mokalus of Borg

PS - The only encryption software I use directly is KeePass.
PPS - Though encryption is probably built into a few other programs I use, like my web browser.
