Security safe network breached?

Dear All, I just listened to this must-see seminar, NSA operation ORCHESTRA: Annual Status Report - YouTube, about the tactics our secret services seem to be using to be able to eavesdrop.

Since we also have so many developers working on SAFE, how do we guarantee that these tactics will not be applied on us? Is there thorough checking being done on each bit of code SAFE implements?

Thanks in advance for the feedback!
André

1 Like

The community does some of its own checking. The C++ version was partially audited with the response being positive. The auditors even stated that it was of great quality. The Rust rewrite has yet to undergo a similar audit but that will come very soon. As for spy tactics and decryption, I suggest you see the FAQ for a fairly detailed breakdown of potential attacks and the designed mitigations. A working SAFE network will be very powerful and resistant to almost all known attacks. The devs strive for simple, effective code that eliminates unnecessary complexities and will over time, with intervention, adapt to new attacks.

That said, there are no guarantees. Just strong math and the hope that it is implemented properly. Hope that helps. If not, I leave it to those more thoroughly invested. I’m just a hopeful onlooker with a few things to say. Being here is one of the MANY tasks I juggle daily. The main attraction being how passionate this community is. Rare in its makeup. Passion being only a tip of its awesomeness. It’s been slow lately, but it’ll soon pick up! 🙂

13 Likes

It seems to me the main attack vector that Safe doesn’t close is the end user’s OS. If a keylogger is installed on your machine then everything else is compromised.

This isn’t a criticism of the approach, you can’t fix everything at once.

The keylogger attack vector can be easily remedied with hardware OTP tokens.

2 Likes

What if someone can get Android working on the SAFE Network and this would be on a mobile phone. The mobile phone would be used to log in through SQRL.

It seems like this would be a solution, because the Android OS can be hacked; furthermore, you can log in simply by scanning the QR code.

What about the Rust compiler? (Or any compiler for that matter?) Has the Rust compiler source been audited?

2 Likes

Nice! Very prudent of you to ask. GitHub - rust-lang/rust: Empowering everyone to build reliable and efficient software.

1 Like