Deterministic Builds Part Two: Technical Details | Tor Project
This is the second post in a two-part series on the build security improvements in the Tor...
Countering "Trusting Trust" - Schneier on Security
schneier.comWay back in 1974, Paul Karger and Roger Schell discovered a devastating attack against computer systems. Ken Thompson described it in his classic 1984 speech, “Reflections on Trusting Trust.” Basically, an attacker changes a compiler binary to produce malicious versions of some programs, INCLUDING ITSELF. Once this is done, the attack perpetuates, essentially undetectably. Thompson demonstrated the attack in a devastating way: he subverted a compiler of an experimental victim, allowing Thompson to log in as root without using a password. The victim never noticed the attack, even when they disassembled the binaries—the compiler rigged the disassembler, too...
Fully Countering Trusting Trust through Diverse Double-Compiling (DDC)
David A. Wheeler's Page on Countering 'Trusting Trust' through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers
Deterministic Builds Part Two: Technical Details | Tor Project
This is the second post in a two-part series on the build security improvements in the Tor...
Securing The Software Supply Chain
This is the second part of a series about trust in digital content that might be called: Is this the real life? Is this just fantasy? Th...
Thinking about dependencies · sunshowers
Opinions about relying on other people's work.