by smtddr 4214 days ago
No, you're wrong.

People can give you whatever source code they want. That doesn't mean it's the same as what's running in production. While this is tin-foil-hat paranoia, when it comes to encryption software in this post-Snowden world it is definitely more reliable to reverse-engineer the binary & network traffic than to just believe the provided source code to encryption in a popular social app. Or compile the app from source that has been verified by trusted people. Definitely not believing that a binary blob running on your hardware is the same as the provided source.

That said, it's also good to ask for source code so later on when reverse-engineering shows something different you've now caught the offending party in a lie, which is something good to have on record to refer to later on.

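The check the comment describes (rebuild from the published source and compare against the blob actually shipped), as an added example that is not part of the thread; the compile step is assumed to have happened already, so the binaries below are constructed byte strings standing in for real build outputs.

```python
"""Compare a shipped binary with an independent rebuild of the published source.
Added example; not code from the thread. Build artifacts are constructed stand-ins."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class VerifyResult:
    reproducible: bool            # two independent rebuilds agree with each other
    matches_vendor: bool          # the shipped blob equals the rebuilt binary
    vendor_sha256: str
    rebuilt_sha256: str
    first_diff_offsets: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_offsets(a: bytes, b: bytes, limit: int = 8) -> list:
    """Byte offsets where two blobs differ (capped), as a starting point for
    deciding whether the difference is build noise or something to reverse."""
    out = []
    for i in range(max(len(a), len(b))):
        ca = a[i] if i < len(a) else None
        cb = b[i] if i < len(b) else None
        if ca != cb:
            out.append(i)
            if len(out) >= limit:
                break
    return out


def verify_build(vendor: bytes, rebuild_a: bytes, rebuild_b: bytes) -> VerifyResult:
    """vendor: the blob the app ships; rebuild_a/b: builds of the published source
    on two independent machines. Only if the rebuilds agree with each other AND
    with the vendor blob can the source be taken as what is actually running."""
    reproducible = rebuild_a == rebuild_b
    matches = reproducible and vendor == rebuild_a
    return VerifyResult(
        reproducible=reproducible,
        matches_vendor=matches,
        vendor_sha256=sha256_hex(vendor),
        rebuilt_sha256=sha256_hex(rebuild_a),
        first_diff_offsets=[] if matches else diff_offsets(vendor, rebuild_a),
    )


# Constructed sample blobs: the shipped one carries two trailing bytes the source build lacks.
SOURCE_BUILD = b"\x7fELF" + b"\x00" * 12 + b"encrypt_v1"
SHIPPED_BLOB = SOURCE_BUILD + b"\x01\x02"

if __name__ == "__main__":
    print(verify_build(SHIPPED_BLOB, SOURCE_BUILD, SOURCE_BUILD))
```

A mismatch here does not prove bad intent (non-deterministic builds produce the same symptom), but it is exactly the point at which the comment's fallback, reverse-engineering the binary, becomes necessary.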

> Without the source code, there is no way to fully verify the security of a solution.

So you are telling me if you had the source code you would not be able to verify the code and also use the code to fully verify the expected behavior of the binary?

It is not as easy to verify source code as it sounds, and it is not easy to do black box testing either.