| 1 |
The 21/02/14, Andrew Savchenko wrote: |
| 2 |
|
| 3 |
> Any decent security setup contains multiple layers of protection. |
| 4 |
> Use of non-standard binaries, algorithms or implementations is just |
| 5 |
> one of them and it is the simplest math to prove that security is |
| 6 |
> _improved_ this way. |
| 7 |
|
| 8 |
The algorithms and implementations do not change with configuration |
| 9 |
options while they are almost always the cause of security issues of a |
| 10 |
software. |
| 11 |
|
| 12 |
Of course, building the same software on different architectures or with |
| 13 |
custom configuration options will change the assembler code and the |
| 14 |
binary fingerprint might be totally different. But considering this a |
| 15 |
layer of protection remains non-sense and is a dangerous approach. The |
| 16 |
nature of Gentoo does not help in this area compared to other binary |
| 17 |
distributions. |
| 18 |
|
| 19 |
I don't pretend that non-standard binaries NEVER protect against some |
| 20 |
kind of issues. I pretend they are ridiculously insignificant in the |
| 21 |
wild. |
| 22 |
|
| 23 |
-- |
| 24 |
Nicolas Sebrecht |
Archives