Linux's security reputation is actually pretty bad. BSDs and UNIX variants have a good reputation. OpenBSD in particular is highly regarded, in part because they audit changes rather stringently. Windows is getting better, and Linux is getting significantly worse.

OpenSSL is an extremely strong proof against the idea that open source is inherently more secure. It had tremendous numbers of very serious flaws that had been in it for years. Just because people can look at the code doesn't mean that they do. That's why the OpenBSD foundation forked OpenSSL, removed tons of options, and started developing it with their audit model as LibreSSL. It's why the OpenBSD guys recently replaced sudo with a new tool called doas that has far fewer options and as a result, far less that can go wrong.

In my experience, much software developed for Linux is built on the platform because it's free and it lets the developers work very quickly. Tons of open-source code runs on Linux, so you just have to download a bunch of libraries and write glue code to get them to do what you want. Unfortunately, many don't take the time to set up their application to run properly under a non-root user account. For that matter, the recommended installation method for a lot of software now is to run curl to fetch a URL, then pipe the output to a root-level bash shell. That is literally telling your system to do whatever some web server or anything claiming to be that server tells it to do.
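As an added example (not from this thread), here is the safer pattern the post is contrasting against: save the installer to disk, compare it with a digest the vendor publishes out of band, and only then run it, refusing on mismatch. The sample script, its tampered copy and the "published" digest are constructed inline so the routine runs offline; the download itself is only shown in a comment.

```shell
#!/bin/sh
# Added example: verify a downloaded install script before executing it,
# instead of `curl -fsSL URL | sudo bash`. In real use you would fetch with
# `curl -fsSL "$URL" -o "$FILE"` and take EXPECTED from the vendor's signed
# release notes; here both the file and the digest are constructed.

# SHA-256 of a file, using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_run FILE EXPECTED_DIGEST
# Runs FILE with sh and returns 0 only when its SHA-256 equals EXPECTED_DIGEST;
# on mismatch nothing is executed and 1 is returned.
verify_then_run() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: digest $actual != expected $expected" >&2
        return 1
    fi
    sh "$file"
}

# Constructed stand-in for the downloaded installer.
SAMPLE=$(mktemp)
printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$SAMPLE"
# Stand-in for the digest the vendor would publish alongside the script.
GOOD_DIGEST=$(sha256_of "$SAMPLE")

# Constructed copy with one extra line, as a server serving modified content
# would produce; its digest no longer matches GOOD_DIGEST.
TAMPERED=$(mktemp)
cat "$SAMPLE" > "$TAMPERED"
printf '%s\n' 'echo "unexpected extra line"' >> "$TAMPERED"
```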

Linux is getting worse because many companies are using it as "cheap" licenses without any desire to support it. Take all the "VPS" hosting running CentOS. Every single person running a CentOS system can't upgrade their system. With OpenBSD and FreeBSD, it's very easy to upgrade the system.

The Linux Vendors want to sell you a new VPS every year instead of fixing bugs.

Also I really hate the "Libre" movement of hijacking a project (MySQL -> MariaDB, OpenSSL -> LibreSSL, OpenOffice -> LibreOffice, etc.). Instead of fixing what's wrong with the standard distribution, they instead fork their own incompatible version, which just creates more problems. The open source motto should be "fork it until all dissenters abandon it". Fine, I get it, open source, fork your own, blah blah blah, but nobody wants 200 versions of the same product with only trivial improvements and a whole lot of incompatibility. That's the problem with Android and Linux to begin with.

OpenSSL obviously felt compatibility was more important than addressing bugs in a timely manner, or they lacked developers able to see the significance of the bugs. Does the LibreSSL version improve on this? Absolutely not. The only thing they did was axe features that they simply didn't want to deal with instead of fixing them.

The policy of ALL operating systems should be "Do not ship your own SSL/Crypto library, do not statically compile against a crypto library, do not wrap the crypto library. This is for your own good" for anything that runs at OS boot time.
 
Seems like Apple really does say no to the govt. I think the questions are whether they've been compromised despite saying "No" (the article above) or at what point the government secretly forces them to do stuff they don't want to & can't talk about.

Your last sentence is probably the key. From what I understand, the bill that passed the House and Senate recently indemnifies companies that allow such access, and you know they are pushing for it. Can we really take Apple at their word? I hope so, but who knows?

And, Comey is encouraging companies to implement more 'in transit' encryption, where the info is encrypted but the service is designed to do some kind of processing (thus decryption) and that's where the govt will tap in.
 
In theory you could verify that the source code is in fact running. Compile the source to binary and look at the binaries. It would take some effort but it certainly could be done.

You could also disassemble (convert the binary to assembly) the crypto library and look at what the code is doing and verify that it is doing about the same job as the C source code.

Both methods are labor intensive because you don't get a byte per byte match even if everything is as it should be. Even so, I bet someone has already looked and we'd hear quickly if we were tricked.

I think it's nearly impossible to do that thoroughly within a reasonable timespan. As you said, you're not going to get the exact same instructions when you compile the source code. They could slip something in. A single extra jump instruction could constitute a security vulnerability.