Availability of Bovine source code (was Re: [rc5] Win32 GUI client is a trojan?)

Jason Boyles jason at alltel.net
Sun Nov 9 23:07:23 EST 1997

On Sun, 9 Nov 1997, Thom Davis wrote:
> On Sun, 9 Nov 1997 21:27:35 -0500 (EST), Jason Boyles wrote:
> >	The only reason I'm not participating in Bovine is because the
> >source is not freely available. No one is privy to my spare cycles
> >unless they're honest enough to show me their source code.
>  But then that leaves the Bovine code open to hacking and such things.
> If they are willing to guarantee that it does not conflict with what I
> would ask, then that should be good enough. 

	You speak as though hacking the source were a bad thing. What if I
made it faster? Or made it work on a new architecture? Or fixed a
potential flaw? The more eyes on the code the better, IMO. 

>  Do you run ANY commercial software that has OPEN SOURCE code? No! But if
> you ask them a particular question they will answer it.

	Depends on how you define open. At work I run several commercial
applications to which I have the source. This allows us to tweak it to
meet our specifications. But then, these are the exception. Microsoft
isn't going to be handing over the source to NT or MS Word any time soon.

>  I personally don't believe your reasoning

	I do take into account the source (pun intended) of the program
when deciding what to run. It's highly unlikely that Microsoft Word is a
malicious bit of code marketed by Microsoft solely to compromise the
security of my Windows NT domain. However a free mystery binary from
something called the Bovine project, which sits in the background, eating
idle CPU, and occasionally chatting to some server on the Internet is
suspect in my opinion, even more so if they refuse to show me the source. 

	Honestly, I don't believe that Bovine is out to get my
/etc/passwd, SAM, or .PWL files. I'd just like to give the source a
once-over, primarily to satisfy my curiosity about how the programmers
implement their RC5 routines. And to be sure it's not going to do anything
stupid to my machine. 

	And, as I understand, the v3 clients will have their source
available, which is great.

Eagerly awaiting the v3 clients,
Jason Boyles <jason at alltel.net>
"The issue is not whether an encryption scheme is crackable,
but whether it's crackable before the heat death of the universe."

